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Preface 


As organizations and entrepreneurs continue to operate in an increasingly 
competitive and global marketplace, workers in all business areas includ- 
ing accounting, customer service, distribution, finance, human resources, 
information systems, logistics, marketing, manufacturing, research and 
development, and sales must be well prepared to make the significant con- 
tributions required for success. Regardless of your future role, even if you 
are an entrepreneur, you need to understand what information systems 
can and cannot do and be able to use them to help you achieve personal 
and organizational goals. You will be expected to discover opportunities 
to use information systems and to participate in the design and implemen- 
tation of solutions to business problems employing information systems. 
To be successful, you must be able to view information systems from the 
perspective of business and organizational needs. For your solutions to 
be accepted, you must recognize and address their impact on coworkers, 
customers, suppliers, and other key business partners. For these reasons, 
a course in information systems is essential for students in today’s high- 
tech world. 

Principles of Information Systems, Fourteenth Edition, continues the 
tradition and approach of previous editions. Our primary objective is to 
provide the best information systems text and accompanying materials for the 
first information systems course required for all business students. We want 
you to learn to use information systems to ensure your personal success in 
your current or future role and to improve the success of your organization. 
Through surveys, questionnaires, focus groups, and feedback that we have 
received from current and past adopters, as well as others who teach in the 
field, we have been able to develop the highest-quality set of teaching materi- 
als available to help you achieve these goals. 

Principles of Information Systems, Fourteenth Edition, stands proudly at 
the beginning of the IS curriculum and remains unchallenged in its position 
as the only IS principles text offering basic IS concepts that every business 
student must learn to be successful. Instructors of the introductory course 
faced a dilemma. On one hand, experience in business organizations allows 
students to grasp the complexities underlying important IS concepts. For this 
reason, many schools delayed presenting these concepts until students com- 
pleted a large portion of their core business requirements. On the other hand, 
delaying the presentation of IS concepts until students have matured within 
the business curriculum often forces the one or two required introductory 
IS courses to focus only on personal computing software tools and, at best, 
merely to introduce computer concepts. 

This text has been written specifically for the introductory course in 
the IS curriculum. Principles of Information Systems, Fourteenth Edition, 
addresses the appropriate computer and IS concepts while also provid- 
ing a strong managerial emphasis on meeting business and organizational 
needs. 
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Approach of This Text 5 a 


Principles of Information Systems, Fourteenth Edition, offers the traditional 
coverage of computer concepts, but places the material within the context 
of meeting business and organizational needs. Placing information systems 
concepts within this context and taking a management perspective has 
always set this text apart from other computer texts, thus making it appeal- 
ing not only to MIS majors but also to students from other fields of study. 
The text is not overly technical, but rather deals with the role that informa- 
tion systems play in an organization and the key principles a manager or 
technology specialist needs to grasp to be successful. The principles of IS 
are brought together and presented in a way that is understandable, rele- 
vant, and interesting. In addition, the text offers an overview of the entire 
IS discipline, while giving students a solid foundation for further study 
in more advanced IS courses such as programming, systems analysis and 
design, project management, database management, data communications, 
Web site design and development, information system security, big data 
and analytics, e-commerce, and informatics. As such, it serves the needs 
of both general business managers and those who aspire to become IS 
professionals. 

While the fundamental vision of this market-leading text remains 
unchanged, in the Fourteenth Edition the structure and topic coverage have 
been reexamined and realigned to more clearly highlight established prin- 
ciples and draw on new ones that have emerged as a result of business, 
organizational, technological, and societal changes. 


IS Principles First, Where They Belong 


Exposing students to basic IS principles is an advantage even for those 
students who take no IS courses beyond the introductory IS course. Since 
most functional areas of the business rely on information systems, an 
understanding of IS principles helps students in their other course work. In 
addition, introducing students to the principles of information systems helps 
future business managers and entrepreneurs employ information systems 
successfully and avoid mishaps that often result in unfortunate consequences. 
Furthermore, presenting IS concepts at the introductory level creates interest 
among students who may later choose information systems as their field of 
concentration. 


Goals of This Text 3 ’ 2 


Because Principles of Information Systems, Fourteenth Edition, is written for 
business majors, we believe that it is important not only to present a realis- 
tic perspective on IS in business but also to provide students with the skills 
they can use to be effective business leaders in their organizations. To that 
end, Principles of Information Systems, Fourteenth Edition, has three main 
goals: 


1. To provide a set of core IS principles that prepare students to function 
more efficiently and effectively as workers, managers, decision makers, 
and organizational leaders 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


xvi 


PREFACE 


2. To provide insights into the challenging and changing role of the IS 
professional so that students can better appreciate the role of this key 
individual 

3. To show the value of the IS discipline as an attractive field of specializa- 
tion so that students can evaluate this as a potential career path 


IS Principles 


Principles of Information Systems, Fourteenth Edition, although comprehen- 
sive, cannot cover every aspect of the rapidly changing IS discipline. The 
authors, having recognized this, provide students with an essential core of 
guiding IS principles to use as they strive to use IS systems in their academic 
and work environment. Think of principles as basic truths or rules that remain 
constant regardless of the situation. As such, they provide strong guidance for 
tough decision making. A set of IS principles is highlighted at the beginning 
of each chapter. The use of these principles to solve real-world problems 
is driven home from the opening examples of cutting edge applications to 
the dozens of real-world examples of organizations applying these princi- 
ples interspersed throughout each chapter to the interesting and diverse end- 
of-chapter material. The ultimate goal of Principles of Information Systems, 
Fourteenth Edition, is to develop effective, thinking, action-oriented students 
by instilling them with principles to help guide their decision making and 
actions. 


Survey of the IS Discipline 


Principles of Information Systems, Fourteenth Edition, not only offers the tra- 
ditional coverage of computer concepts but also provides a broad framework 
to impart students with a solid grounding in the business uses of technology, 
the challenges of successful implementation, the necessity for gaining broad 
adoption of information systems, and the potential ethical and societal issues 
that may arise. In addition to serving general business students, this book 
offers an overview of the entire IS discipline and solidly prepares future IS 
professionals for advanced IS courses and careers in the rapidly changing IS 
discipline. 


Changing Role of the IS Professional 


As business and the IS discipline have changed, so too has the role of the IS 
professional. Once considered a technical specialist, today the IS professional 
operates as an internal consultant to all functional areas of the organization, 
being knowledgeable about their needs and competent in bringing the power 
of information systems to bear throughout the entire organization. The IS 
professional must view issues through a global perspective that encompasses 
the entire enterprise and the broader industry and business environment in 
which it operates. 

The scope of responsibilities of an IS professional today is not confined to 
just his or her organization but encompasses the entire ecosystem of employ- 
ees, contractors, suppliers, customers, competitors, regulatory agencies, and 
other entities, no matter where they are located. This broad scope of respon- 
sibilities creates a new challenge: how to help an organization survive in our 
highly interconnected, highly competitive global environment. In accepting 
that challenge, the IS professional plays a pivotal role in shaping the business 
itself and ensuring its success. To survive, businesses must strive for the high- 
est level of customer satisfaction and loyalty through innovative products and 
services, competitive prices, and ever-improving product and service quality. 
The IS professional assumes a critical role in determining the organizations 
approach to both overall cost and quality performance and therefore plays an 
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important role in the ongoing growth of the organization. This new duality in 
the role of the IS worker a professional who exercises a specialist’s skills with 
a generalist’s perspective is reflected throughout Principles of Information 
Systems, Fourteenth Edition. 


IS as a Field of Study 


Computer science and business were ranked #1 and #4, respectively, in the 
2019 Princeton Review list of top 10 college majors based on research cover- 
ing job prospects, alumni salaries, and popularity. A 2019 U.S. News & World 
Report study placed, software developer, operations research analyst, and Web 
developer as three of the top 25 best jobs for 2019 based on hiring demand, 
median salary, employment rate, future job prospects, stress level, and work 
life balance. The U.S. Bureau of Labor Statistics identified information security 
analysts, operation research analysts, and software and applications develop- 
ers as among the fastest growing occupations for the period 2018 and 2028. 
Clearly, the long-term job prospects for skilled and business-savvy informa- 
tion systems professionals is good. Employment of such workers is expected 
to grow faster than the average for all occupations through the year 2028. 
Upon graduation, IS graduates at many schools are among the highest paid of 
all business graduates. 

A career in IS can be exciting, challenging, and rewarding! Today, per- 
haps more than ever before, the IS professional must be able to align IS and 
organizational goals and to ensure that IS investments are justified from a 
business perspective. The need to draw bright and interested students into 
the IS discipline is part of our ongoing responsibility. Throughout this text, 
the many challenges and opportunities available to IS professionals are high- 
lighted and emphasized. 


Changes to the Fourteenth Edition 3 ’ 2 


A number of exciting changes have been made to the text based on user feed- 
back on how to align the text even more closely with changing IS needs and 
capabilities of organizations. Here is a summary of those changes: 


e Reorganized structure. The structure and subject coverage was 
reexamined to ensure related content has been better aligned, and 
that there is a clear, logical flow of topics throughout the text. Several 
chapters have been reordered from the previous edition, some chapters 
have been combined, some topics have been separated into new chapters, 
and there are new chapters that focus on emerging and growing areas. 

e New chapters covering the latest IS development. New chapters 
include Information Systems: People, Technology, Processes, and 
Structure; Networks: An Interconnected World; Cloud Computing 
and the Internet of Things; and Artificial Intelligence and Automation. 

e Extensive changes and updates in each chapter. The remaining 
chapters in the text have all been extensively updated to provide the 
latest information available on a wide range of IS-related topics including 
hundreds of new and current examples of organizations and individuals 
illustrating the principles presented in the text. 

e New opening case: IS in Action. Each chapter begins with an opening 
vignette to illustrate the concepts that will be covered in the chapter in 
the context of a real-world, business-focused example. 

e New alignment to AACSB standards. The opening case studies, critical 
thinking exercises, and end-of-chapter case studies have been aligned to 
the latest standards from the Association to Advance Collegiate Schools 
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of Business International (AACSB). Standards are indicated by a red 
arrow feature that appears before each activity. 

e Updated Critical Thinking Exercises. Each exercise features a scenario 
followed by review and critical thinking questions. Placed at the end 
of each major section of each chapter, these exercises test the students’ 
grasp of the material just read. Students must analyze a real-life scenario 
and synthesize the information provided to develop a recommendation 
of what needs to be done. The exercises can also be used to stimulate 
class discussion or as additional mini cases that may be assigned as 
individual or team exercises. 

e Updated summary linked to objectives. Each chapter includes a 
detailed summary, with each section of the summary updated as needed 
and tied to an associated information system principle. 

e Updated end-of-the chapter questions and exercises. The majority 
of the end-of-chapter exercises have been updated and the exercises 
have been realigned into the following assessment types: Review and 
Discussion Questions, Business-Driven Decision-Making Exercises, 
Teamwork and Collaboration Activities, Career Exercises, Case Study. 

e Updated case studies. One end-of-chapter case studies for each chapter 
provides a wealth of practical information for students and instructors. 
Each case explores a chapter concept or problem that a real-world 
organization has faced. The cases can be assigned as individual or 
team homework exercises or serve as the basis for class discussion. 

An additional online-only case study will be available within the online 


instructor resource materials. 
ion | 


MindTap for Principles of Information Systems, Fourteenth Edition, is a per- 
sonalized, fully online, digital learning platform of content, assignments, and 
services that engages students and encourages them to think critically, while 
allowing instructors to easily set their course through simple customization 
options. 

MindTap is designed to help students master the skills they need in 
today’s workforce. Research shows employers need critical thinkers, trou- 
bleshooters, and creative problem-solvers to stay relevant in our fast paced, 
technology-driven world. MindTap helps students achieve this with assign- 
ments and activities that provide hands-on practice and real-life relevance. 
They are guided through assignments that help them master basic knowledge 
and understanding before moving on to more challenging problems. 

Students can access eBook content in the MindTap Reader, which offers 
highlighting, note-taking, search and audio, and mobile access. Multimedia 
activities and assessments for this text include: 


MindTap for Principles of Information Systems, Fourteenth Edit 


updated Concept Clip videos 

updated lecture slides and flashcards 

new Career Connection videos 

new You Make the Decision branching exercises 

new Use It business-scenario based questions 

new IS for Life activities that focus on the latest industry trends 
an additional, online-only Case Study not featured in the text 
new SQL: Essentials for the Real World tutorial and coding lab 


assignments 
e access to the SAM MindTap app, which includes simulated computing 


activities in Microsoft Office 2019 
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MindTap allows instructors to measure skills and outcomes with ease. 
Personalized teaching becomes yours through a Learning Path built with key 
student objectives and the ability to control what students see and when they 
see it. Analytics and reports provide a snapshot of class progress, time in 
course, engagement, and completion rates. 


Student Resources J m 


Accessible through cengage.com, the student companion Web site contains 
the following study tools (and more!) to enhance one’s learning experience: 


e PowerPoint Lectures that cover the key points of each chapter 


Instructor Resources 5 A 


Instructor Companion Site 


As always, we are committed to providing the best teaching resource pack- 
ages available in this market. All instructor materials can be found on the 
password-protected Web site at http://login.cengage.com. Here you will find 
the following resources: 


e Instructors Manual. The comprehensive manual provides valuable 
chapter overviews; highlights key principles and critical concepts; 
learning objectives, and discussion topics; and features possible essay 
topics, further readings, cases, and solutions to the end-of-chapter 
questions and problems, as well as suggestions for conducting the team 
activities. 

e PowerPoint Lectures. A set of impressive Microsoft PowerPoint slides 
is available for each chapter. These slides are included to serve as a 
teaching aid for classroom presentation, to make available to students 
on the network for chapter review, or to be printed for classroom 
distribution. The goal of the presentations is to help students focus 
on the main topics of each chapter, take better notes, and prepare for 
examinations. Instructors can add their own slides for additional topics 
they introduce to the class. 

e Additional Case Studies. Additional, online-only case studies explore 
chapter concepts or problems that a real-world organization has faced. 

e Figure Files. Figure files allow instructors to create their own 
presentations using figures taken directly from the text. 

e Test Bank files. Test bank files (from Cognero) are provided for easy 
LMS integration. 


Test Bank and Cengage Testing Powered by Cognero 


Cognero is a full-featured, online-assessment system that allows instructors to 
manage test bank content, quickly create multiple test versions, deliver tests 
in several forms including from an LMS, and create test banks anywhere with 
Internet access! To access Cognero, log into your Cengage—SSO account at 
http://login.cengage.com. Technical questions, guides, and tutorials are hosted 
on Cengage Learning Technical Support Web site http://support.cengage.com. 
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Information Systems: People, 
Technology, Processes, and 
Structure 


Secure Information Systems 


Corporate and Individual 
Accountability: Ethical, Legal, 
and Social Issues 


Andrey_Popov/Shutterstock.com 
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Principles Learning Objectives 


Managers have an essential e Identify two key management responsibilities in implementing successful 
role to play in the successful information systems. 
implementation and use of è 


State three reasons why organizations employ the Leavitt’s Diamond 


information systems—that role model to introduce new systems into the workplace. 


changes depending on which 
type of information system is 
being implemented. 


e Describe four fundamental information system types based on their 
sphere of influence. 


e Discuss the traditional and contemporary view of the role that information 
systems play in an organization’s value chains. 


The strategic planning process e Identify four benefits of creating a strategic plan. 
for the IS organization and the 
factors that influence it depend 
on how the organization is 
perceived by the rest of the Identify three ways the IS organization can be perceived by the rest of 
organization. the organization, and how each can influence the IS strategy. 


Identify four drivers that help set the information system organizational 
Strategy. 


The information system worker œ Identify six non-technical skills needed to be an effective information 
operates at the intersection of system worker. 

business and technology and 
designs, builds, and imple- 
ments solutions that allow 
organizations to effectively 
leverage information systems. 
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Identify two benefits of obtaining a certification in an IS subject area. 
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IS in Action 


mPharma Improves Prescription Availability 
and Affordability 


æ GLOBAL, DIVERSITY 


The people of Africa are struggling to overcome severe healthcare challenges. Africa has 
15 physicians per 100,000 inhabitants, less than one-tenth of most countries. Sixty-two 
percent of its 1.2 billion people live in rural areas where access to medical facilities is 
extremely difficult. The drug manufacturers and the pharmacies have limited data on 
which to develop an accurate forecast of the demand for specific drugs. This limited data 
leads to frequent out-of-stock situations of essential medicines. After seeing patients, 
doctors may need to make several calls to find pharmacies that can fill the necessary 
prescriptions. It is not uncommon for a patient to travel miles to a specific pharmacy 
only to find out that the needed prescription cannot be filled because it is no longer 
in stock. 

An information system is a set of interrelated components that work together to col- 
lect, process, store, and disseminate information to support fundamental business oper- 
ations, data reporting and visualization, data analysis, decision making, communications, 
and coordination within an organization. mPharma is a start-up company that builds 
information systems that connect patients, hospitals, pharmacies, and drug manufacturers 
via networks, software, and mobile phones. With this technology, mPharma manages the 
prescription drug inventory for pharmacies and pharmaceutical suppliers in four African 
countries. The information systems also enable mPharma to track which drugs are avail- 
able at any given time and where. Knowing this information gives patients reliable access 
to medicines. 

Once patients register in the mPharma system, their health data and prescription 
history can be accessed by their doctor. After registration, doctors can prescribe medication 
and send a prescription code to the pharmacy and the patient’s mobile phone. In addition, 
doctors can see stock information for any of the mPharma partner pharmacies to avoid 
sending patients to pharmacies where drugs are unavailable. Doctors and pharmacies 
can also communicate directly through mPharma’s messaging system. By taking over the 
inventory management for member pharmacies, forecasting demand of prescription drugs, 
and bargaining with suppliers, mPharma has been able to lower prescription costs by as 
much as 30 percent. 

mPharma found that some participants in the program were reluctant to come 
on-board. For instance, hospitals were not willing to share patient/doctor data, 
pharmacies were not willing to allow mPharma access to their inventory data, and 
patients had concerns about the privacy of their data. To prove the system would work, 
mPharma launched a pilot program in Zambia that involved several doctors and 1,000 
patients who received their prescriptions through the mPharma system. The success 
of this pilot helped ease many of these concerns. In addition, mPharma was able to 
extract an enormous amount of data to track drug usage and develop a real-time disease 
surveillance system. 

mPharma founders had a clear goal: Make prescription drugs in emerging markets 
easily accessible and readily affordable. They formed partnerships with venture capitalists, 
major pharmaceutical manufacturers, insurance companies, financial institutions, and 
governments to build a new technology infrastructure. They then developed information 
systems on top of this infrastructure to change how prescriptions are filled and inventory 
is managed. These new processes changed who is responsible for forecasting the demand 
of prescription drugs. In addition, mPharma used key supporting system complements 
including physician, pharmacy, and patient education to ensure successful implementation 
and adoption of the system by doctors, patients, and pharmacists. 
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As you read about information systems, consider the following: 


e How are organizations using information systems to accomplish their objectives 
and meet ever-changing business needs? 

e What role might you have in identifying the need for, acquisition of, or use of such 
systems? 


Why Learn About Information Systems? 


We live in an information economy, and information systems are embedded in and control many of the 
products we use on a daily basis—our phone, the auto we drive, our coffee maker, the cable box that 
controls our TV, and so on. Information has real value. To stay competitive, organizations require a steady 
flow of information about their business partners, competitors, customers, employees, markets, and sup- 
pliers. When this information is in place, individuals can communicate instantaneously with one another, 
and consumers make purchases online using mobile devices. In addition, project members dispersed 
globally and across multiple organizations can collaborate effectively, and financial institutions can man- 
age billions of dollars in assets around the world. Further, manufacturers can partner with suppliers and 
customers to track inventory, order supplies, and distribute goods faster than ever before. 

Starbucks implemented what it calls its “digital flywheel,” which includes everything from its 
rewards program to its mobile order-ahead feature to eliminate congestion at stores. Target built a 
myCheckout app that its team members can use on their mobile devices to search Target.com for 
desired products, and then take guests’ payment on the spot with a credit card reader that’s attached 
to the handheld device. Guests walk away knowing their items are enroute to their doorstep—with free 
shipping, by the way! Walmart built an app that allows customers to refill and manage their prescriptions 
from their mobile devices and skip the line when they reach the pharmacy counter. It also recently 
entered the credit card processing field with its own mobile payment processing solution called Walmart 
Pay. Kroger is piloting a new Scan, Bag, Go handheld scanner that enables shoppers to pick items, scan 
them, and drop them in a grocery tote. When done shopping, consumers head to the self-checkout 
stand for one last scan that totals their bill and allows them to pay. They drop off the handheld scanner 
and head out the door. 

Information systems will continue to change businesses and the way we live. Indeed, many corpo- 
rate leaders are using technology to rework their products and services. To prepare to participate in and 
lead these innovations, you must be familiar with fundamental information system concepts. Regardless 
of your college major or chosen career, the ability to recognize and capitalize on information system 
opportunities will make you a valuable member of your organization and will advance your career. And, 
as you will learn in this chapter, as a manager you have an essential role in ensuring the successful 
implementation and adoption of your organization’s information systems. 


What is an Information System os m 


information system: A set of An information system is a set of interrelated components that work together 
interrelated components that work to collect, process, store, and disseminate information. This information sup- 
together to support fundamental : : : p nat 

i ; ports fundamental business operations, data reporting and visualization, data 
business operations, data reporting leis: dacisi ki Mee d di j ithi 
and visualization, data analysis, analysis, decision making, communications, and coor ination within an orga- 
decision making, communications, and nization. A well-designed information system includes some form of feedback 
coordination within an organization. mechanism to monitor and control its operation. This feedback ensures that the 

system continues to operate in an effective and efficient manner. 

Individuals and organizations use computer-based information systems 
every day to accomplish a wide range of both work-related tasks and every- 
day living activities. This includes processing the fundamental transactions 
required to run a business (e.g. capturing customer orders and payments) 
and communicating with fellow employees, customers, business partners, and 
other resources. Information systems are also used to analyze large amounts of 
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data to detect underlying trends to enable accurate forecasts; track costs and 
schedule progress on projects, prepare presentations including slides, graphs, 
and tables; and monitor results and recommend appropriate actions. 


Information Systems—A Means to Achieve 
Competitive Advantage 


A competitive advantage enables an organization to generate more sales or 
achieve superior profit margins compared to its rivals. The advantage can be 
gained in one of three ways: (1) by providing the same value as competitors but 
at a lower price (cost leadership), (2) by charging higher prices for providing 
products that are perceived by the customer as being better (differentiation), 
or (3) by understanding and servicing a target market better than anyone else 
(focus). Organizations must recognize that considerable effort may be required 
to sustain a competitive advantage. Organizations and their products and ser- 
vices must continually evolve to account for changes in customer needs, market 
conditions, industry conditions, and competitor actions. 

Managers have a key responsibility to identify and use information systems 
to gain a competitive advantage. Here are a few examples of using information 
systems in this manner: 


e mPharma, as discussed in the opening vignette, used its custom infor- 
mation systems to become the dominant organization in managing the 
prescription inventory for pharmacies and their pharmaceutical suppliers 
in four African countries. 

e Boeing employs sophisticated information systems that enable the digital 
design of various aircraft-related systems. These systems allow early 
detection and removal of design defects and reduce development cost 
and time.’ 

e Walmart employs a vendor-managed inventory system to streamline 
product flow and better manage its store inventories. This system 
reduces the administrative costs of managing inventory, lowers inventory 
holding costs, and increases sales through reductions of out-of-stock 
situations in its stores. 

e Skanska USA, a construction firm, employs an information system to 
track and analyze the movement and tasks of subcontractors on the 
job. With this system, Skanska can relocate tools and materials to more 
optimal locations and rearrange workflows to speed up the building 
process and to reduce labor costs.” 

e La-Z-Boy differentiates itself from competitors by implementing a system 
to consolidate shipping and exception data from dozens of carriers so 
that consumers know when their purchase is shipping from the retailer 
and when they can expect to see it at their door step. 


Managers’ Role in Implementing Successful Information Systems 


An organization’s information system operates within a context of people, technol- 
ogy infrastructure, structure, and processes, as shown in Figure 1.1. This model is 
Leavitt’s Diamond: A model that known as Leavitt’s Diamond, and it was defined by American psychologist and 


states an organization's information organizational scientist Harold Leavitt. Organizations use this model to introduce 
systems operate within a context of 
people, technology infrastructure, 
processes, and structure. 


new systems into the workplace in a manner that lowers stress, encourages team- 
work, and increases the probability of a successful implementation. 

Leavitt’s Diamond highlights the need for an overall implementation approach 
that considers all four key components. Unfortunately, company leaders often focus 
too narrowly on just the technology infrastructure component. When they do so, 
they fail to consider the people, processes, and human structure components. This 
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failure can create a rough system start-up, frustrated employees, and missed orga- 
nizational expectations that can lead to system failure or the need to redo much 
of the implementation effort. Managers of the business functions most affected by 
the new information system have a key responsibility to ensure that the people, 


processes, and human structure components are fully addressed. 


FIGURE 1.1 


Leavitt’s Diamond 


People 
e Motivation 
e Training 
e Support 
À 
Technology Infrastructure 
Processes e Hardware 
e Procedures e Software 
e Standards ~ >| e Databases 
e Measures e Networks 
e Tools e Facilities 
e Services 


Structure 
e Roles 


e Responsibilities 
e Authority 


Leavitt's Diamond proposes that every organizational system operates within a context composed 
of people, technology infrastructure, processes, and human structure. 


The various components of Leavitt’s Diamond will now be discussed. 


People People make the difference between success and failure in all 
organizations. Jim Collins, in his book Good to Great, said, “Those who build great 
companies understand that the ultimate throttle on growth for any great company 
is not markets, or technology, or competition, or products. It is one thing above 
all others: the ability to get and keep enough of the right people.”* Thus, it 
comes as no surprise that people are the most important element of information 
systems. Indeed, people are involved in information systems in many ways: 
people envision information systems and the benefits they can deliver, people 
design and build information systems, people support and maintain information 
systems, and people use information systems to achieve worthwhile results. 

Good information systems can enable people to produce extraordinary 
results. They can also boost job satisfaction and worker productivity.° Infor- 
mation systems personnel include all the people who manage, run, program, 
and maintain the system, including the chief information officer (CIO), who 
leads the IS organization. End users are people who work directly with infor- 
mation systems to get results. They can include anyone in the organization— 
receptionists, financial managers, product development personnel, salespeople, 
human resource managers, marketing representatives, warehouse workers, 
executives, and manufacturing line operators. 

Employees must be well trained and understand the need for the infor- 
mation system, what their role is in using or operating the system, and how 
to get the results they need from the system. They must be motivated to use 
the information system and have access to system support people as needed. 
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technology infrastructure: All 
the hardware, software, databases, 
networks, facilities, and services 
used to develop, test, deliver, 
control, or support the information 
technology applications and services 
an organization requires to meet the 
needs of its customers, suppliers, 
key business partners, regulatory 
agencies, and employees. 


process: A structured set of related 
activities that takes input, adds value, 
and creates an output for the customer 
of that process. 


procedure: A set of steps that need 
to be followed to achieve a specific end 
result, such as entering a customer 
order, paying a supplier invoice, or 
requesting a current inventory report. 
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Technology infrastructure An organization’s technology infrastructure includes 
all of its hardware, software, databases, networks, facilities (such as data centers 
and server rooms) and services provided by third parties (such as outside 
consultants, rented hardware, third-party software, and outside storage). An 
organization uses these resources to develop, test, deliver, control, or support 
the information technology applications and services an organization requires 
to meet the needs of its customers, suppliers, key business partners, regulatory 
agencies, and employees. The technology infrastructure forms the foundation 
of every computer-based information system. Worldwide information technol- 
ogy spending is expected to reach nearly $3.8 trillion in 20197 as shown in 
Table 1.1. This is an amount rivaling the $4.4 trillion dollar proposed U.S. 
federal budget for fiscal year 2019. 


TABLE 1.14 Global IT projected spending 2017-2019 


Spending in Billions 


Infrastructure Component 2018 

Data center systems $178 $179 $179 
Enterprise software $355 $389 $421 
Devices $667 $704 $710 
IT services $933 $985 $1,030 
Communications services $1,393 $1,427 $1,443 
Total Spending $3,526 $3,684 $3,783 


Processes A process is a structured set of related activities that takes input, 
adds value, and creates an output for the customer of that process. The input 
can be something tangible such as raw materials, data, chemical ingredients, 
documents, or data. The output can be finished product, information gleaned 
from processing the data, a completed form, or a report. The customer of the 
process may be an actual business customer or a worker in another organiza- 
tional unit of the firm who needs the output of the process to perform his/her 
job or to make a decision. A salesperson taking a customer order is an example 
of a business process. The items in the order are pulled from inventory and 
shipped to the customer. The order then goes through billing, collections, and 
is eventually converted into cash. 

A procedure defines the steps to follow to achieve a specific end result, 
such as how to enter a customer order, how to pay a supplier invoice, or how to 
request a current inventory report. Good procedures describe how to achieve 
the desired end result, who does what and when, and what to do in the event 
something goes wrong. When people are well trained and follow effective pro- 
cedures, they can get work done faster, cut costs, make better use of resources, 
and more easily adapt to change. When procedures are well documented, they 
can greatly reduce training costs and shorten the learning curve. 

Using an information system involves setting up and following many pro- 
cedures, including those for the operation, maintenance, and security of the 
computer. For example, some procedures describe how to gain access to the 
system through the use of a log-on procedure and a password. Others describe 
who can access facts in the database or what to do if a disaster, such as a fire, 
earthquake, or hurricane, makes the information system unusable. Good pro- 
cedures can help companies take advantage of new opportunities and avoid 
lengthy business disruptions in the event of natural disasters. Poorly developed 
and inadequately implemented procedures, however, can cause people to waste 
their time on useless rules or can result in inadequate responses to disasters. 
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structure: A definition of the 
relationships among the members of 
an organization including their roles, 
responsibilities, and lines of authority 
necessary to complete various 
activities. 


personal information 

system: An information system that 
improves the productivity of individual 
users in performing stand-alone tasks. 


workgroup information 
system: Systems that support 
teamwork and enable people to work 
together effectively, whether team 
members are in the same location or 
dispersed around the world. 


enterprise information 

system: An information system 

that an organization uses to define 
structured interactions among its 

own employees and/or with external 
customers, suppliers, government 
agencies, and other business partners. 


Structure An organization’s structure defines relationships among members 
of the organization. In addition, it defines the roles, responsibilities, and lines 
of authority that are necessary to complete various activities. Employees must 
understand and accept their roles and responsibilities, and these roles and 
responsibilities often change with the introduction of a new information system. 


Types of Information Systems 


Organizations employ numerous information systems. When considering the 
role of people using information systems, it is useful to divide information sys- 
tems into four types based on their sphere of influence: personal information 
system, workgroup information system, enterprise information system, and 
interorganizational information system. 

Personal information system includes information systems that improve 
the productivity of individual users in performing stand-alone tasks. Examples 
of personal IS include word-processing, presentation, time management, and 
spreadsheet software. 

Kroger is the largest retail grocer in the world with $115 billion in 2016 
sales from 2,792 supermarkets and multi-department stores in 35 states and 
the District of Columbia. Its ClickList system is an example of a personal infor- 
mation system that improves the efficiency of its customers. Customers use 
ClickList to shop for their groceries online and then pick them up at the store 
at a prearranged time. Once logged on, the customer can type the names of 
products into the search bar, browse items by department, or choose one of 
three other options: My Favorites, My Recent Purchases, and Sale Items for You. 
The price is clearly displayed under each image; the customer can either click 
the box beneath the image to add the item directly to the cart or the customer 
can click on the image itself and see alternate views of the packaging and nutri- 
tion information. After the customer order is placed, Kroger Associates choose 
the items, bag them, and place them in a refrigerated space in the store. Then, 
customers can just drive to the store at their reserved pickup time, and Kroger 
loads the order into their car. 

In today’s global work environment, success depends on our ability to 
communicate and collaborate with others, including colleagues, clients, and 
customers. A workgroup information system supports teamwork and enables 
people to work together effectively, whether team members are in the same 
location or dispersed around the world. These systems are also known as 
collaboration systems. Examples of workgroup information systems include 
instant messaging software, electronic conferencing software, and collaboration 
software used to move groups through the steps of a process toward their goals. 

The Monterey Bay Aquarium in California strives to raise awareness of 
ocean conservation and educate and inspire the next generation of ocean stew- 
ards. Its education programs attract some 110,000 students and teachers each 
year. The aquarium recently set a goal to double the number of its programs 
and is building a new education center to meet this growth. Achieving this goal 
means the staff must complete many tasks while working on different teams 
and different projects. The team uses a group collaboration tool to help them 
communicate, organize, plan, schedule, track, and delegate jobs. The tool pro- 
vides visibility and easy access to all ongoing projects and gives team members 
the opportunity to jump in and help each other out.’ 

An enterprise information system is used to meet organization-wide 
business needs and typically shares data with other enterprise applications 
used within the organization. Enterprise applications support processes 
in logistics, manufacturing, human resources, marketing and sales, order 
processing, accounting, inventory control, customer relationship management, 
and other essential business functions. These processes require cross- 
functional collaboration with employees from multiple organizational units. 
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interorganizational IS: An 
information system that enables 
sharing of information and conducting 
business electronically across 
organizational boundaries. 


CHAPTER 1 œ Information Systems: People, Technology, Processes, and Structure 9 


Enterprise applications are required to comply with an organization’s security 
guidelines and may also be required to comply with standards defined by 
government agencies or industry groups to which the organization belongs. 
For example, all organizations that store, process, and transmit cardholder 
data strive to meet the Payment Card Industry Data Security Standard. This 
standard provides a framework of specifications, tools, measurements, and 
support resources to help organizations ensure the safe handling of card- 
holder information. Successful implementation of these systems often requires 
the radical redesign of fundamental work processes, the automation of new 
processes, and re-training of personnel. Target processes may include purely 
internal activities within the organization (such as payroll) or those that sup- 
port activities with external customers and suppliers (order processing and 
purchasing). 

Allan Bros., Inc. is a fruit growing, packing, and shipping company located 
in Naches, WA. It has orchards located throughout Eastern Washington. The 
firm developed an enterprise information system that informs workers when 
and how they should prune the vines and predicts the quality and volume of 
upcoming crops of grapes. The system can even estimate how many tons will 
grow per acre—key information for production planning and determining how 
many wineries the vineyard can serve from one harvest.‘ 

An interorganizational IS enables the sharing of information across orga- 
nizational boundaries. Information sharing supports collaboration between two 
or more organizations and provides benefits such as lower costs, reduced 
manual effort, and decreased time to conduct business. To achieve these 
benefits, the information shared between organizations must be accurate, 
complete, and current. Otherwise, companies using the IOS will experience 
inefficiencies resulting from the time spent to reconcile errors. 

Many different types of IOS exist, and they vary in purpose and scope. Elec- 
tronic data interchange (EDD is an interorganizational information system that 
expedites purchasing, invoicing, and payment by sending orders, invoices, and 
payments in standardized electronic message formats from one organization’s 
computer to another organization’s computer. All companies that use EDI send 
their data according to rigidly defined industry standards. A number of EDI 
standards bodies exist in the United States and Europe, and within the United 
Nations. These organizations develop EDI standards for specific industries such 
as the automotive, grocery, and retail industries. The standard EDI messages 
are received and verified, and the transactions are completed with little or no 
human effort required. Becoming EDI capable is a relatively straight forward 
task as many of the purchasing and inventory management software packages 
available include additional software modules that enable EDI. EDI replaced 
the much slower and error-prone processes based on humans handling trans- 
actions over the phone and with paper documents. 

Walmart employs an interorganizational information system it calls 
vendor-managed inventory (VMD) to streamline product flow and better manage 
its store inventories. Walmart suppliers who participate in the VMI program 
are responsible for managing the inventory of their products in Walmart’s 
warehouses. Suppliers are authorized to access a Walmart database that 
contains item-level sales and inventory data for just their products and not 
competitors’ products. The supplier can then use this data to develop product 
demand projections. Each supplier is aware of any unit shortfalls of any of their 
products and is empowered to immediately and proactively ship additional 
units without a Walmart-generated purchase order. Because of this system, 
Walmart has reduced administrative costs to manage inventory, lower inventory 
holding costs, and increased sales through reduction of out-of-stock situations 
in its stores. Supplier benefits include lower manufacturing and distribution 
costs and improved production scheduling. This scheduling better matches 
Walmart customers’ demand and reduces out-of-stock situations. 
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value chain: A series (or chain) of 
activities that an organization performs 
to transform inputs into outputs in such 
a way that the value of the input is 
increased. 


supply chain: A key value chain 
whose primary processes include 
inbound logistics, operations, 
outbound logistics, marketing and 
sales, and service. 


FIGURE 1.2 


Supply chain and primary and 


support processes 

The primary and support activities 
of the manufacturing supply chain 
are concerned with creating or 
delivering a product or service. 


Value Chain 


The value chain is a series (or chain) of activities that an organization performs 
to transform inputs into outputs in such a way that the value of the input is 
increased. An organization may have many value chains, and different organiza- 
tions in different industries will have different value chains. As an example of a 
simple value chain, consider the gift-wrapping department of an upscale retail 
store. It takes packages from customers, covers the packages with decorative 
wrapping paper, and gives the packages back to the customers, thus increasing 
the perceived value of the gift. 

In a manufacturing organization, the supply chain is a key value chain 
whose primary processes include inbound logistics, operations, outbound 
logistics, marketing and sales, and service as shown in Figure 1.2. An orga- 
nization’s supply chain encompasses the processes required to get the right 
product or service into the right consumer’s hands in the right quantity at the 
right time and at the right cost. These primary processes are directly concerned 
with the creation and/or delivery of the product or service. The supply chain 
also includes four main support processes, including technology infrastructure, 
human resource management, accounting and finance, and procurement. 


Suppliers Receiving Storage Advertising Customer service 
Raw material Storage Shipping Promoting 
Transportation Manufacturing Selling 


Storage 


Outbound 
logistics 


Inbound 
logistics 


Marketing 


Operations and sales 


Technology infrastructure, including information systems 


Human resource management 


Accounting and finance 


Procurement 


The concept of value chain is also meaningful to companies that don’t 
manufacture products. These companies include tax preparers, restaurants, 
book publishers, legal firms, and other service providers. By adding a significant 
amount of value to their products and services, companies ensure their success. 

Organizations are constantly fine-tuning and adjusting their supply chain. 
For example, Amazon has transformed from a small, non-profitable online 
bookseller to the largest Internet-based retailer in the world, as defined by total 
sales and market capitalization. Amazon is continually evolving its approach 
to supply chain management to ensure that it can deliver millions of items to 
customers at the right price and faster than any other retailer. Amazon offers 
customers Amazon Prime, an annual membership that guarantees free two-day 
shipping on hundreds of thousands of items. When other online retailers moved 
to match Amazon Prime, Amazon began offering free two-day shipping. Its next 
move was one-hour delivery with Amazon Prime Now. Amazon customers who 
live within 10 miles of an Amazon fulfillment center will soon be able to receive 
their eligible packages (under 5 pounds) via drones inside of 30 minutes. 
Amazon even introduced Dash buttons, little wireless communications devices 
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that allow users to simply press a button to order a household staple such as 
bottled water, coffee, detergent, and paper products. 

What role do information systems play in supply chain management activi- 
ties and other organizational activities? A traditional view of information systems 
holds that organizations use information systems to control and monitor pro- 
cesses and to ensure effectiveness and efficiency. In this view, information sys- 
tems are external to the supply chain management process and serve to monitor 
or control it. A more contemporary view, however, holds that information sys- 
tems are often so intimately involved that they are part of the process itself. From 
this perspective, the information system plays an integral role in the process, 
whether providing input, aiding product transformation, or producing output. 


Critical Zara Supply Chain System 


Thinking © SYSTEMS AND PROCESSES 
Exercise 


Zara is a Spanish clothing and accessories retailer with headquarters in Arteixo, Spain. 
It has 2,000 stores spread across 88 countries.® Its founder, Amancio Ortega, had 
humble origins, but today is the third richest man in the world. Consumer clothing 
trends are constantly changing, creating a highly competitive environment in which 
companies compete not only on price but also on their ability to deliver products that 
are new and stimulating to their customers. To meet this challenge, Zara has devel- 
oped an extremely responsive supply chain that enables it to go from design stage to 
sales floor in a maximum of three weeks rather than the six-month industry average. 

Zara can deliver new products twice a week to its stores around the world. 
Mobile computers and point-of-sales systems are used to capture and review data 
from stores on an hourly basis to spot new trends as early as possible. This data 
includes sales and inventory data and anecdotal information gleaned by sales 
assistants as they chat with customers and as the sales assistants gather unsold 
items that customers tried on but left in fitting rooms. All this data is sent to Zara’s 
headquarters where it is carefully analyzed by design teams who decide what new 
designs will be prototyped and produced in small quantities to see what sells. In 
addition, inventory optimization models help the company determine the quantities 
and sizes of existing items that should be delivered to each store. Zara’s outstand- 
ing supply chain (which includes information systems as an integral component) 
has led to improved customer satisfaction, decreased risks of overstocking the 
wrong items, reduced total costs, and increased sales.’ 


Review Questions 

1. In what sphere of influence does the Zara supply chain information system 
operate? 

2. How has the Zara supply chain provided the firm with a competitive advantage? 


Critical Thinking Questions 


1. How can you ensure that sales assistants at each retail location will use the 
information system as intended? (Hint: Refer back to Figure 1.2.) 

2. What issues might you encounter in using the information system at Zara? How 
might these issues be overcome? Whose responsibility is it to address these issues? 


Strategic Planning 3 . 2 


strategic planning: A process that Strategic planning is a process that helps managers identify initiatives and 
helps managers identify initiatives and projects that will achieve organizational objectives. The strategic plan must 
projects that will achieve organizational take into account that the organization and everything around it is in a state 
objectives. Zo si <4 ; : 

of flux. This includes consumers’ likes and dislikes, changes in competitors, 
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and suppliers leaving and entering the marketplace. In addition, the costs and 

availability of raw materials and labor fluctuate, the fundamental economic 

environment (interest rates, growth in gross domestic product, inflation rates) 

changes; and the degree of industry and government regulation varies. 
Strategic planning provides the following benefits: 


e A framework and a clearly defined direction to guide decision making at 
all levels and across all organizational units 

e The most effective use of the organization’s resources by focusing those 
resources on agreed-on key priorities 

e The ability of the organization to be proactive and to take advantage of 
opportunities and trends, rather than passively reacting to them 

e Improved communication among management, employees, the board of 
directors, shareholders, and other interested parties 


An organization develops an overall strategic plan, which sets the direction 
for all the other business units of the organization. Common themes in setting 
strategies include “increase revenue,” “attract and retain new customers, 
“increase customer loyalty,” and “reduce the time required to deliver new 
products to market.” In choosing from alternative strategies, managers should 
consider the long-term impact of each strategy on revenue and profit, the degree 
of risk involved, the amount and types of resources that will be required, and 
the potential competitive reaction. Managers of the various business units also 
develop a strategic plan that is consistent with the overall organizational plan. 

Amazon has made a strategic decision to explore the possible use of deliv- 
ery drones to gain a real competitive advantage over competitors who rely on 
less efficient ground transportation. Because a large percentage of Amazon 
packages weigh less than 5 pounds, drones could become the ideal rapid- 
delivery vehicles. Amazon has detailed plans for this service; however, the 
company cannot announce if or when the program will start until regulators 
set out the rules regarding the commercial use of drones. Such a strategy has 
the potential to attract new customers and increase revenue.” 


” 


Information System Strategic Planning 


The strategic plan of an information system (IS) must identify those technologies, 
vendors, competencies, people, systems, and projects in which an organization 
will invest to support the corporate and business unit strategies. This plan is 
strongly influenced by new technology innovations. These innovations include 
increasingly more powerful mobile devices and advanced software that can 
analyze large amounts of structured and unstructured data. Innovative thinkers 
inside and outside the organization also influence the plan (see Figure 1.3). 

The strategic planning process for the IS organization is also strongly influ- 
enced by how the IS organization is perceived by the rest of the organization. 
An IS organization can be viewed as a cost center/service provider, as a busi- 
ness partner/business peer, or as a game changer (see Table 1.2). 

In a survey of more than 700 CIOs, 38 percent said that their IS organi- 
zation is viewed as a cost center/service provider that is expected to reduce 
IS costs and improve IS services." The strategic planning process for such an 
organization is typically directed inward and focused on determining how to 
do what it is currently doing but doing it cheaper, faster, and better. 

The IS organization of the state of Delaware is viewed as a cost center/ 
service provider. One of the organization’s primary strategic initiatives is to 
consolidate IS resources and to eliminate redundant functions and resources 
within the various state agencies. The goal is to deliver significant improve- 
ments in customer service and to reduce costs.” 

The majority of CIOs surveyed, about 52 percent, said that their IS organi- 
zation is viewed as a business partner/business peer that is expected to control 
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FIGURE 1.3 


Drivers that set IS 
organizational strategy and 
determine information system 


investments 

Planners must consider many 
factors in setting IS organizational 
strategy. 


Innovative 
thinking 


TABLE 1.2 The IS strategic planning spectrum 
Cost Center/Service 
Provider 


Strategic planning focus Inward looking 


IS goals Control/reduce IS costs; 
improve IS operations and 
services 

Strategy React to strategic plans of 


business units 


Eliminate redundant or 
ineffective IS services 


Typical projects 


Corporate 
strategy 


Business 
unit 
strategies 


IT 


organizational 
strategies 


IT investments: 

e Technologies 

e Vendors 

e Competencies 
e People 

e Systems 

e Projects 


Business Partner/ 
Business Peer 


Business focused 


Improve IS/business 
partnership 

Control IS costs; expand 
IS services 


Execute IS projects to 
support plans of business 


Implement new 
systems and technology 
infrastructure; redesign 
business processes 


Technology 
innovations 


Game Changer 
Outward looking 


Drive business innovation; 
deliver new products and 
services 


Use IS to achieve 
competitive advantage 


Provide new ways for 
customers to interact with 
organization 
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IS costs and to expand IS services in support of business initiatives.” The stra- 
tegic planning process of these organizations is based on understanding the 
collective business plans for the next year and determining what those mean 
for the IS organization in terms of new technologies, vendors, competencies, 
people, systems, and projects. 

The IS organization for the city of Seattle operates under the constraint of 
a decreasing budget but is continually striving to expand its services and cap- 
italize on the latest technology developments. It employs newer technologies, 
such as mobile computing, to improve the interaction of city government with 
its constituents and to support city services on the move. The organization also 
seeks opportunities to access shared computer resources through cloud-based 
applications to gain advantages and efficiencies where it makes sense. 
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Critical 
Thinking 
Exercise 


Only 10 percent of surveyed CIOs stated that their IS organization is viewed 
by fellow employees as a game-changing organization that is asked to lead 
product innovation efforts and open new markets.” Their strategic planning 
process is outwardly focused and involves meeting with customers, suppliers, 
and leading IS consultants and vendors to answer questions like “What do we 
want to be?” and “How can we create competitive advantage?” In such organi- 
zations, IS is not only a means for implementing business-defined objectives but 
also a catalyst for achieving new business objectives unreachable without IS. 

GAF is a $3 billion privately held manufacturer of commercial and residen- 
tial roofing. GAF’s IS employees regularly collaborate with external customers 
to learn from them and to help educate potential customers about why they 
should do business with GAF. Using these collaboration sessions to gain a bet- 
ter understanding of its customers’ needs, GAF developed a mobile app that 
allows a contractor to take a photo of a prospect’s house and then use that 
photo to allow the prospect to preview different GAF shingle styles and colors 
on an actual image of their home. The app was a game changer for the orga- 
nization as it helps GAF contractors demonstrate the beauty of GAF shingles 
and eliminates one of the biggest barriers to closing the sale—answering the 
question, “How will it look on my house?”’” 

No matter how an IS organization is perceived, the odds of achieving 
good alignment between the IS strategic plan and the rest of the business are 
vastly increased if IS workers have experience in the business and can talk to 
business managers in business terms rather than technology terms. IS workers 
must be able to recognize and understand business needs and develop effective 
solutions. The CIO especially must be able to communicate well and should 
be accessible to other corporate executives. However, the entire burden of 
achieving alignment between the business and the IS organization cannot be 
placed solely on the IS organization. 


Business Liaison Role 
Æ REFLECTIVE THINKING, SYSTEMS AND PROCESSES 


You have been employed as a systems analyst in the information systems organi- 
zation of a medium-sized consumer goods manufacturer for three years. You are 
quite surprised when your manager offers you a one-year special assignment as a 
warehouse manager supervising workers and operations in the large distribution 
center used to store your company’s finished products and prepare them for ship- 
ment to retail stores around the country. Your manager explains that the company 
wishes to groom you to become the business liaison with the supply chain organi- 
zation and wants you to become familiar with the entire order-fulfillment process. 
Based on its recent growth, the company is planning to open at least two new 
distribution centers in different regions of the country over the next two to three 
years. Management has chosen you to be a key player in developing a strategic 
plan that is consistent with corporate strategies and meets the needs of the supply 
chain organization. 


Review Questions 

1. What organizational benefits can be gained from the creation of this role and 
improved strategic planning? 

2. What key drivers should govern the IS strategic plan? 


Critical Thinking Questions 

1. How would you like the IS organization to be perceived by the rest of the 
company? Why? 

2. For you, personally, what are the pros and cons of accepting this position? 
Would you take this assignment? Why or why not? 
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Information Systems Careers J a 


Today, most organizations cannot function or compete effectively without 
computer-based information systems. Indeed, organizations often attribute their 
productivity improvement, superior customer service, or competitive advantage 
in the marketplace to their information systems. The information system worker 
functions at the intersection of business and technology and designs and builds the 
solutions that allow organizations to effectively leverage information technology. 

Successful information system workers must enjoy working in a fast-paced, 
dynamic environment where the underlying technology changes all the time. 
They must be comfortable with meeting deadlines and solving unexpected 
challenges. They need good communication skills and often serve as translators 
between business needs and technology-based solutions. Successful information 
systems workers must have solid analytical and decision-making skills and be 
able to translate ill-defined business problems and opportunities into effective 
technology-based solutions. They must develop effective team and leadership 
skills and be adept at implementing organizational change. Last, but not least, they 
need to be prepared to engage in lifelong learning in a rapidly changing field. 

Specific technical skills are important for IS workers to possess. These 
skills—all of which are discussed in various chapters throughout this book— 
include the following: 


e Capability to analyze large amounts of structured and unstructured data 
e Ability to design and build applications for mobile devices 

e Traditional programming and application development skills 

e Technical support expertise 

e Project management skills 

e Knowledge of networking and cloud computing 

e Ability to audit systems and implement necessary security measures 

e Web design and development skills 

e Knowledge of data center operations 


Technology is one of the fastest-growing areas of the U.S. economy, and 
information systems professionals are in high demand. The U.S. Bureau of 
Labor Statistics (BLS) pegged the number of people employed in the United 
States in computer-related occupations in 2016 at 4.6 million. The BLS fore- 
casts an increase of 591,000 new computing job openings in the time period 
2016 to 2026 or an average of about 60,000 new jobs per year.'* Figure 1.4 
shows that the annual number of computer and information science degrees 
awarded in the United States has met or exceeded 100,000 since 2010. Many 
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computer and information science graduates take employment in related fields 
such as business management. They also work as mathematicians or operations 
research specialists; computer or electronic salespeople; or business, math, or 
computer science educators. 


Typical Information System Roles 


IS offers many exciting and rewarding careers. Professionals with careers in 
information systems can work in an IS department or outside a traditional IS 
department as Web developers, computer programmers, systems analysts, com- 
puter operators, and in many other positions. Opportunities for IS professionals 
also exist in the public sector. In addition to technical skills, IS professionals 
need skills in written and verbal communication, an understanding of organi- 
zations and the way they operate, and the ability to work with people and in 
groups. The following sections provide a brief description of these roles. At the 
end of each chapter in this book, you will find career exercises that will help 
you explore careers in IS and career areas that interest you. 


Chief Information Officer 

The role of the chief information officer (CIO) is to employ an IS depart- 
ment’s equipment and personnel in a manner to best achieve the goals of 
the organization. CIOs must understand finance, accounting, and return on 
investment and be able to make wise choices on which of many projects to 
fund and staff. They can help companies avoid damaging ethical challenges 
by monitoring how their firms are complying with a large number of laws and 
regulations. A good CIO is typically a visionary who provides leadership and 
direction to the IS department to help an organization achieve its goals. CIOs 
need strong technical, business, and inter-personal skills. Those interested in 
this career path would do well to explore college-level coursework in business 
management, computer science, and information technology. Employers prefer 
applicants with at least five years of information technology experience in a 
management capacity. 


Software Developer 

Software developers are the creative minds behind computer programs. 
Some develop the applications that allow people to do specific tasks on a 
smart phone, video game, laptop, or other computing device. Others develop 
the underlying operating systems that run the devices or that control net- 
works. Software developers test and debug the software as well as maintain 
and upgrade software after it is released for initial use. Software developers 
frequently collaborate with management, clients, and others to build a software 
product from scratch, according to a customer’s specifications, or to modify 
existing software to meet new business needs. Software developers usually 
have a bachelor’s degree in computer science and strong computer program- 
ming skills. 


Information Systems Security Analyst 


IS security analysts are responsible for planning, designing, implementing, 
and maintaining the security and integrity of their organizations’ systems and 
data. They analyze the security measures of the organization and identify and 
implement changes to make improvements. Security analysts are responsible 
for developing and delivering training on proper security measures. They also 
are responsible for creating action plans in the event of a security breach. Most 
information security analysts work for computer companies, consulting firms, 
or business and financial companies. Most information security analyst posi- 
tions require a bachelor’s degree in a computer-related field. Employers prefer 
to hire analysts with experience in a related occupation. 
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FIGURE 1.5 


Web Developers 
Web developers create and 
maintain company Web sites. 
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Systems Analyst 

Systems analysts frequently consult with management and users to define the 
scope of and requirements for new information systems. They convey system 
requirements to software developers and network architects for implementation. 
They bring business and information systems together by understanding the needs 
and limitations of both. They also assist in choosing and configuring hardware and 
software, matching technology to users’ needs, monitoring and testing the system 
in operation, and troubleshooting problems after implementation. A bachelor’s 
degree in a computer or information science field is common, although not always 
a requirement. Some firms hire analysts with business or liberal arts degrees who 
have skills in information technology or computer programming. 


Programmer 

Programmers convert a program design developed by a systems analyst or 
software developer into a working program written in one of many computer 
languages. To do this, they must write, debug, and test the program to ensure 
that it will operate in a way that it will meet the users’ needs. Programmers 
usually work in offices, most commonly in the computer systems design and 
related services industry. Most computer programmers have a bachelor’s 
degree; however, some employers hire workers with an associate’s degree. 
Most programmers specialize in more than one programming language. 


Web Developer 

These professionals design and maintain Web sites, including site layout and 
function, to meet the client’s requirements. The creative side of the job includes 
creating a user-friendly design, ensuring easy navigation, organizing content, 
and integrating graphics and audio (Figure 1.5). The more technical responsi- 
bilities include monitoring Web site performance and capacity. 


Business Analyst 

Business analysts are responsible for improving a company’s competitiveness 
and performance across a broad spectrum of criteria. Evaluating and solving 
business challenges is the strong suit of these professionals. They must collect, 
review, and analyze information that enables them to make sound recommen- 
dations. They often specialize in a particular functional area, such as supply 
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chain management, marketing, finance, or product development—or in an 
industry like healthcare, consumer products, or transportation, among others. 
Business analysts may oversee teams or work independently to solve problems 
and address challenges. Business analysts must possess a broad set of business 
knowledge and skills, which can be obtained through a bachelor’s degree in 
business administration with a specialization in management. 

Table 1.3 shows the median annual salary and forecasted number of new 
job openings for the IS positions just discussed. 


TABLE 1.3 Median annual salary for different information system positions 


2018 Median Annual Number of New Job 
Job Title Salary Number of Jobs, 2016 Openings, 2016-2026 
CIO $202,500 N/A N/A 
Software Developer $115,000 1,256,300 302,400 
Information Systems $115,250 100,000 28,500 
Security Analyst 
Systems Analyst $89,500 600,500 54,400 
Programmer $65,000 294,900 — 21,300 
Web Developer $66,100 162,900 24,400 
Business Analyst $92,000 N/A N/A 


SOURCES: Robert Half 2018 Salary Guide for Technical Professionals and the Bureau of Labor Statistics Employment Projections, 2016-2026 


Other IS Careers 


In addition to working for an IS department in an organization, IS personnel can 
work for large consulting firms, such as Accenture, IBM, and Hewlett-Packard. 
Some consulting jobs entail frequent travel because consultants are assigned 
to work on various projects at the client location. Such jobs require excellent 
project management and people skills in addition to IS technical skills. Related 
career opportunities include computer training, computer and computer- 
equipment sales, and computer equipment repair and maintenance. 

Other IS career opportunities include being employed by technology com- 
panies, such as Oracle, IBM, HP, Microsoft, Google, and Dell. Such a career 
enables an individual to work on the cutting edge of technology, which can be 
challenging and exciting. 

As some computer companies cut their services to customers, new compa- 
nies are being formed to fill the need. With names such as Speak with a Geek 
and Geek Squad, these companies are helping people and organizations with 
computer-related problems that traditional computer vendors are no longer solving. 

Some people decide to start their own IS businesses rather than continue 
to work for someone else. Such small business owners often prefer to be their 
own boss, with the freedom to think innovatively and take on new challenges. 
Other people become IS entrepreneurs or freelancers. They write programs, 
work on IS projects with larger businesses, or develop new applications for 
the iPhone or similar devices. Some Internet sites, such as www,freelancer.com, 
post projects online and offer information and advice for people working on 
their own. Many freelancers work for small- to medium-sized enterprises in 
the U.S. market. People doing freelance or consulting work must be creative in 
pursuing new business, while also protecting themselves financially. Freelancers 
and consultants must aggressively market their talents. To ensure that they are 
paid, they should insist that some or all of their fees for a given project are 
put into an escrow account. This will help ensure that they are paid for their 
efforts even if the client is not satisfied with the end result. 
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Shadow IT 


In addition to IS workers placed within the IS organization, some companies 
have people who take on IS-related roles outside the IS organization. For 
example, data scientists can be found in the marketing, sales, and supply chain 
management departments of large organizations. Data scientists are responsible 
for understanding the business analytics technology as well as the business. 
They use their understanding to deliver improvements in decision making. 
shadow IT: The information systems Shadow IT is a term used to describe the information systems and solu- 
and solutions built and deployed by tions built and deployed by departments other than the information systems 
departments other than the information department. In many cases, the information systems department may not even 
a be aware of these efforts. Gartner studies have found that shadow IT is over 
30 percent of total IT expenditures in large organizations. This statistic means 
that non-IT business units are responsible for 30 percent of the total informa- 
tion technology costs within an organization.” 

At one time, shadow IT was limited to employee or departmental purchases 
of nonstandard computing devices and off-the-shelf software from office sup- 
ply stores. However, the scope of shadow IT spending has greatly expanded, 
largely due to cloud computing and the availability of enterprise software, 
file-sharing apps, and collaboration tools as a service. For instance, cloud ser- 
vice providers can deliver increasing amounts of computing, network, and 
storage capacity on demand and without requiring any capital investment 
on the part of the cloud users. These cloud service providers typically offer a 
monthly or annual subscription service model; they may also provide training, 
support, and data integration services. All of this makes it easier for department 
managers to skirt formal procedures associated with the purchase of large cap- 
ital expense items—including scrutiny by the information system department. 

Shadow IT enables business managers to quickly create highly innova- 
tive solutions to real business problems and to test out these solutions. Such 
systems may serve as prototypes that evolve into future approved IT solu- 
tions. However, shadow IT solutions frequently employ nonapproved vendors, 
software, or hardware and may not meet the IS department standards for 
control, documentation, security, support, and reliability. This raises security 
risks and issues regarding compliance with essential government and industry 
standards, such as Basel III Gnternational standards for the banking industry), 
FISMA (Federal Information Security Management Act of 2002), GAAP (Gener- 
ally Accepted Accounting Principles), HIPAA (Health Insurance Portability and 
Accountability Act), IFRS (International Financial Reporting Standards), and 
Sarbanes-Oxley Act (accounting regulations for publicly traded companies). 

Issues often arise when a shadow IT solution “breaks” and questions are 
raised about who is responsible for fixing it and supporting the end users. The 
IS department may not have developed the solution, or even been aware of it, 
but business users expect their help in “fixing” it. Table 1.4 presents a summary 
of the pros and cons associated with shadow IT. 

The information systems department may become more comfortable with 
shadow IT if it sees the IS department’s role as maximizing the effective use 
of technology in the company rather than controlling the use of technology. 
Also, shadow IT provides a source of funds outside the IS department budget 
to tackle high-priority projects. 


Continuous Education 


Often, the people filling IS roles have completed some form of certification. 
certification: A process for testing Certification is a process for testing skills and knowledge; successful comple- 
skills and knowledge. tion of a certification exam results in an endorsement by the certifying authority 

that an individual is capable of performing particular tasks or jobs. Certification 

frequently involves specific, vendor-provided, or vendor-endorsed coursework. 

Getting certified from a software, database, or network company may open 
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the door to new career possibilities or result in an increase in pay. According 
to one survey, 65 percent of employers use IT certifications to differentiate 
between equally qualified candidates, while 72 percent of employers require 
some form of IT certification for certain job roles. Table 1.5 presents some of 
the more in demand certifications. 
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TABLE 1.4 Pros and cons of shadow IT efforts 


Pros Cons 


Enables the business to test quick solutions 
to business needs without delays brought on 
by involvement of information systems 


Can create an innovative, synergistic part- 
nership between the information systems 
department and other business units 


Provides the opportunity to evaluate and test 
many more information system initiatives 


TABLE 1.5 Certifications in high demand 


The systems and processes developed may lack necessary levels of 
security required to meet compliance standards 


Can create tension between the CIO who has responsibility for 
technology within the organization and business managers who want 
more of a role in the information system decisions 


Individual departments may buy services, software, and hardware that 
the company could get a better deal through central purchasing 


May be wasteful and duplicate work already being done by the IS 
organization 


Issues can arise over responsibility to fix “non-approved” solutions 


Area of Certification Topic 


Application and Web AJAX (Asynchronous JavaScript and XML) development (a set of Web development 
Development techniques using many Web technologies on the client side to build Web applications) 


C# development (general-purpose, object-oriented programming language) 


Java development (general-purpose, object-oriented programming language whose com- 
piled code can run on all platforms that support Java without the need to recompile) 


.NET development (a programming framework created by Microsoft that developers can use 
to create applications more easily) 


PHP development (a widely-used open source general-purpose scripting language that is 
especially suited for Web development and can be embedded into HTML) 


Sharepoint (enables groups to set up a centralized, password-protected space for document 


sharing) 


Database Administration | Microsoft SQL Server database 


Oracle database 


Business Analytics SAP Business Objects (platform that enables business users to discover data, perform 
analysis to derive insights, and create reports that visualize the insights. 


Hadoop (an open source distributed processing framework that manages data processing 
and storage for big data applications) 


Python (a general-purpose programming language that can be used for Web development, 
data analysis, artificial intelligence, and scientific computing) 


Ruby on Rails (Ruby is a general-purpose programming language frequently used to 
develop Web applications, and Rails is a development tool that is used by Web developers) 


Networking/Security Cisco network administration 


LINUX/UNIX administration 


Certified Information Systems Security Professional (CISSP) 


Check Point Firewall administration 


Project Management Project Management Institute’s project manager professional certification attests to your 
competence to fill the role of project manager leading and directing projects and teams. 
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Critical Virtual Team Onboarding 


Thinking TEAMWORK 
Exercise 


You are a recent hire in the 100-person information systems organization of a large 
consumer products company with four manufacturing locations, two distribution 
centers, and a product research and development facility. These workplaces are 
spread around the United States. A virtual team consisting of three new hires 
and six experienced information system managers and technicians from the firm’s 
various locations has been formed to improve the process of onboarding new 
information system hires and getting them up to speed as soon as possible. 


Review Questions 


1. What skills, knowledge, and experience might the new hires be lacking that 
could hinder them in their initial assignments? 

2. How might this knowledge gap be filled? Would you consider special training 
courses? What about assignments tailored to capture the missing skills and 
knowledge? 


Critical Thinking Questions 


1. Identify some of the advantages of forming a multi-organizational, virtual team 
to improve the process. Do you think that the team should consider adding any 
non-IS members? Why or why not? 

2. What are some of the logistical complications and team dynamic problems that 
the team can expect when working on this process? 


Principle: 


Managers have an essential role to play in the successful implementation 
and use of information systems—that role changes depending on which 
type of information system is being implemented. 

An information system (IS) is a set of interrelated components that work 
together to collect, process, store, and disseminate information to support fun- 
damental business operations, data reporting and visualization, data analysis, 
decision making, communications, and coordination within an organization. 
A well-designed information system provides a feedback mechanism to monitor 
and control its operation to make sure it continues to meet its goals and objectives. 

A competitive advantage enables an organization to generate more sales or 
achieve superior profit margins compared to its rivals. It can be gained in one 
of three ways: (1) by providing the same value as its competitors but at a lower 
price (cost leadership), (2) by charging higher prices for providing products 
which are perceived by the customer as being better (differentiation), or (3) by 
understanding and servicing their target market better than anyone else (focus). 

Managers have a key responsibility to identify and capitalize on opportu- 
nities to employ information systems as a tool to gain competitive advantage. 

An organization’s information systems operate within a context of people, 
technology infrastructure, processes, and structure. This framework is Leavitt’s 
Diamond. This model is used to introduce new systems into the workplace in a 
manner that lowers stress, encourages teamwork, and increases the probability 
of a successful implementation. 

Managers of the business functions most affected by the new information 
system have a key responsibility to ensure that the people, processes, and 
human structure components are fully addressed. 

People make the difference between success and failure in all organiza- 
tions. Good systems enable people to produce extraordinary results. 
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An organization’s technology infrastructure includes all the hardware, soft- 
ware, networks, facilities, and services used to develop, test, deliver, control, or 
support the information technology applications and services an organization 
requires to meet the needs of its customers, suppliers, key business partners, 
regulatory agencies, and employees. 

A process is a set of related activities that takes input, adds value, and 
creates an output for the customer of that process. 

Structure has to do with the defined relationships among members of the 
organization and their various activities. It also includes processes that assign 
roles, responsibilities, and authority to complete the various activities. 

When considering the role of business managers in working with 
information systems, it is useful to divide information systems into four types 
based on their sphere of influence: personal information systems, workgroup 
information systems, enterprise information systems, and interorganizational 
information systems. 

Personal IS includes information systems that improve the productivity of 
individual users in performing stand-alone tasks. 

Workgroup IS are systems designed to support teamwork and enable 
people to work together effectively, whether team members are in the same 
location or dispersed around the world. 

An enterprise application IS is used to meet organization-wide business 
needs and typically shares data with other enterprise applications used within 
the organization. 

An interorganizational information system (IOS) is a system that enables 
sharing of information and conducting business electronically across 
organizational boundaries. 

The value chain is a series of activities that an organization performs to trans- 
form inputs into outputs in such a way that the value of the input is increased. 

The supply chain is a key value chain whose primary processes include 
inbound logistics, operations, outbound logistics, marketing and sales, and 
service. Supply chain management encompasses all the processes required to 
get the right product into the right consumer’s hands in the right quantity at 
the right time and at the right cost. 

Information systems have transformed the nature of work and the shape 
of organizations themselves. A traditional view of information systems holds 
that organizations use them to control and monitor effectiveness and efficiency. 
A more contemporary view holds that information systems are often so inti- 
mately involved in the activities of the value chain that they are a part of the 
process itself. 


Principle: 


The strategic planning process for the IS organization and the factors that 
influence it depend on how the organization is perceived by the rest of 
the organization. 

Strategic planning is a process that helps managers identify desired out- 
comes and formulate feasible plans to achieve their objectives using available 
resources and capabilities. 

Strategic planning provides a framework to guide decision making, ensures 
effective use of resources, enables an organization to be proactive and take 
advantage of opportunities and trends, and it improves communication. 

An IS organization can be viewed as a cost center/service provider, a 
business partner/business peer, or a game changer. 

IS strategic planning is influenced by the corporate and business unit 
strategic plans as well as technology innovations and innovative thinking. 

The IS strategy identifies the technologies, vendors, competencies, people, 
systems, and projects in which the organization will invest to support the 
corporate and business unit strategies. 
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Principle: 


The information system worker functions at the intersection of business 
and technology and designs, builds, and implements solutions that allow 
organizations to effectively leverage information technology systems. 

Successful information system workers need to have a variety of personal 
characteristics and skills, including the ability to work well under pressure 
and in a fast-paced environment constantly undergoing change, good commu- 
nication skills, solid analytical and decision-making skills, effective team and 
leadership skills, and adeptness at implementing organizational change. 

Typical information system roles include CIO, software developer, infor- 
mation systems security analyst, systems analyst, programmer, Web developer, 
and business analyst. 

Technology is one of the fastest-growing areas of the U.S. economy, which 
has a strong demand for information system workers. 

Only about 60 percent of all information technology outlays are controlled 
by the information systems department. Shadow IT is a term used to describe 
the information systems and solutions built and deployed by departments 
other than the information systems department. In many cases, the information 
systems department may not even be aware of these efforts. 

Besides working for an IS department in an organization, IS personnel 
can work for a large consulting firm or a hardware or software manufacturer. 
Developing or selling products for a hardware or software vendor is another 
IS career opportunity. 

Certification is a process for testing skills and knowledge; successful com- 
pletion of a certification exam results in an endorsement by the certifying 
authority that an individual is capable of performing particular tasks or jobs. 
Certification can result in new career opportunities including promotion and 
a salary increase. 


certification process 

enterprise information system shadow IT 

workgroup information system strategic planning 

information system structure 

interorganizational IS supply chain 

Leavitt’s Diamond technology infrastructure 

personal information system value chain 

procedure workgroup information system 
Self-Assessment Test 

Managers have an essential role to play in the suc- 2. Managers of the business functions most affected 

cessful implementation and use of information by a new information system have a key respon- 

systems—that role changes depending on which sibility to ensure that : 

type of information system is being implemented. a. only the most current and most advanced 


technology is employed 
b. the people, processes, and human structure 
components are fully addressed 


1. Four information system types based on their 
sphere of influence include interorganizational, 
personal, enterprise, and 
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c. competitors cannot use a similar information 
system to gain a competitive advantage 
d. resources are deployed only against enterprise 
and interorganizational information systems 
is a model used to introduce 
new systems into the workplace in a man- 
ner that lowers stress, encourages teamwork, 
and increases the probability of a successful 
implementation. 
a. Strategic planning 
b. Porter’s Five forces model 
c. Leavitt’s Diamond 
d. Strategic competitive advantage 
The contemporary view of information systems 
is that they are often so intimately involved in an 
organization’s value chain that they are part of 
the process itself. True or False 


The strategic planning process for the IS organi- 
zation and the factors that influence it depend on 
how the organization is perceived by the rest of the 
organization. 


5. 


Which of the following is not a benefit 

associated with creating a strategic plan? 

a. provides a framework to guide decision 
making 

b. ensures effective use is made of the 
organization’s resources 

c. enables the organization to be proactive 

d. guarantees that only the most current 
technology solutions will be employed 

Four drivers that set the information strategy 

and determine information system investments 

include corporate strategy, technology innova- 

tions, innovative thinking, and 


Three ways the IS organization can be perceived 

by the rest of the organization that influence IS 

strategy are : 

a. flexible, resourceful, and forward-looking 

b. cost center, business partner, and game 
changer 

c. cost-effective, innovative, and creative 

d. reliable, simple, and timely 


The information system worker functions at the 
intersection of business and technology and designs, 
builds, and implements solutions that allow organi- 
zations to effectively leverage information technol- 
ogy systems. 


8. Which of the following are non-technical skills 


not commonly associated with an effective 

information system worker? 

a. ability to meet deadlines and solve 
unexpected challenges 

b. ability to work in a static, boring environment 
where there is little change 

c. good communication skills 

d. effective leadership skills 

Two potential benefits of obtaining a certifica- 

tion in an IS subject area are: 

a. new career possibilities and a potential 
increase in salary 

b. automatic pay increase and promotion 

c. movement from a technical career ladder 
to a management career ladder and salary 
increase 

d. receipt of certificate of certification which 
never expires and more rapid career 
advancement 


Self-Assessment Test Answers 


1 
2. 
3. 
4 
5 


workgroup 
b 

a 

True 

d 


6 
Us 
8. 
9 


business unit strategy 
b 


b 
a 


Review and Discussion Questions 


1. 


2. 


Describe four fundamental information system 
types based on their sphere of influence. 
Identify two key management responsibilities in 
implementing information systems. 

The four components of Leavitt’s Diamond 

are technology, processes, structure, and 


What is the traditional role that IS plays in the 
supply chain? What is the contemporary role? 


5k 


6. 


7 


Identify four key benefits of producing a strate- 
gic plan. 

Identify four drivers that help set the informa- 
tion systems organization strategy. 

Identify three ways the IS organization can be 
perceived by the rest of the organization and 
explain how that perception can affect the IS 
strategy. 
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Identify six non-technical skills needed to be an 
effective information system worker. 

Identify two benefits of obtaining a certification 
in an IS subject area. 


10. How is the IS organization at your work or uni- 


versity perceived by the rest of the organization? 
How has this influenced the IS strategy and what 
the organization has been able to accomplish? 


Business-Driven Decision-Making Exercises 


1. You are a member of the supply chain organi- 


zation of a consumer products manufacturer 
whose products are sold primarily through eight 
large retail chains. You have an idea to imple- 
ment a new sales forecasting information system 
to replace the existing system that relies on his- 
torical sales data and marketing plans. The new 
system requires that the manufacturer’s eight 
large retail customers enter their own weekly 
sales forecast of what they expect to order over 
the upcoming six weeks. The individual retailers’ 
forecasts will then be aggregated to develop the 
demand forecast for each six-week period. The 
supply chain organization will use this aggregate 
demand forecast to manage its inventory and 
production. Retailers will receive a discount for 
submitting a forecast that closely matches their 
actual orders. What other organizations within 
the company must be sold on this idea? How 
will you deal with the natural reaction of others 
to resist this change? How can you sell this idea 


to your company’s major retail customers? How 
might you use Leavitt’s Diamond to help sell 
others on your idea? 

As discussed in this chapter, successful 
information system workers need to have a 
variety of personal characteristics and skills, 
including the ability to work well under pressure 
and in a fast-paced environment constantly 
undergoing change, good communication 
skills, solid analytical and decision-making 
skills, effective team and leadership skills, 

and adeptness at implementing organizational 
change. Imagine that you are applying for 

a position as an information system worker. 
Develop a brief paragraph describing how you 
have demonstrated each characteristic in your 
own personal life. If you were a job recruiter, 
would you consider yourself a strong candidate 
for an information system position? Why or why 
not? What might you do to improve the likeli- 
hood of being recruited for such a position? 


Teamwork and Collaboration Activities 


1. 


With the other members of your group, create 
a list of software frequently used (at school 
and work) by each member of the team. Iden- 
tify which sphere of influence each software 
supports. Create a matrix with a column for 
each member of the team and a row for each 
software application frequently used by any 
member of the team. Enter individual, group, 
enterprise, or interorganizational in each 


2. 


intersecting cell to identify the specific soft- 
ware used. 

Have the members of your team research group 
decision-making processes—brainstorming, 
affinity grouping, and multi-voting. Have your 
team members identify the six most important 
learning objectives they hope to learn from this 
course. If requested, share your findings with 
the instructor and/or class. 


Career Exercises 


1. Go to the Web site for the U.S. Bureau of Labor 


Statistics to find information about the occu- 
pations with the greatest projected job growth 
in terms of the number of people who will be 
needed over the next 10 years. Use graphics 
software to illustrate the growth of the 10 fast- 
est growing occupations. Do further research to 
include data about median salary and years of 
schooling required for each of these positions. 
Does this data cause you to reconsider your 


college major? Prepare a brief summary of your 
findings including at least one graph summariz- 
ing this data. 

Do research on the Web to learn how recruiters 
use social network data to help screen job appli- 
cants. Does what you learn raise any concerns 
about how you could be viewed when you apply 
for your next job? Should you remove any pho- 
tos or postings you or others have made about 
you on any social network site? 
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Æ SYSTEMS AND PROCESSES 


Customer-Focused Innovation Drives CarMax 
CarMax transformed the used car buying experience back 
in the 1990s with its no-haggle car prices that allows the 
customer to focus on other features (such as fuel econ- 
omy, safety features, entertainment package, and so on) of 
the auto. Today, CarMax is the largest used car retailer in 
the United States with 173 used car stores and an aggres- 
sive growth plan that calls for the opening of more than a 
dozen new stores each year. During the fiscal year ended 
February 28, 2017, total revenue was $15.9 billion from the 
retail sale of just over 1 million used cars. CarMax continues 
to revolutionize car buying through consumer insights 

and customer-focused technology innovations that further 
distance CarMax from its competitors. 

Since 90 percent of used car buyers start their search 
online, CarMax built a Web site search platform similar to 
the highly effective “Amazon product description” design 
with which most consumers are familiar. CarMax has a cen- 
tralized vehicle inventory system with information on over 
50,000 CarMax Quality Certified vehicles. Its customers can 
search through this inventory using their mobile devices 
or portable or desktop computers. Consumers may even 
request that CarMax transfer the car of their choice to a 
store near them and, indeed, nearly 30 percent of the cars it 
sells are transferred for this reason. 

CarMax launched a new online financing app to enable 
customers to get prequalified for a loan prior to visiting a 
store. This app helps move the customer further along the 
sales process and provides a faster in-store shopping expe- 
rience. It has been received well by customers and contrib- 
utes to increased leads, which CarMax believes generates 
incremental sales. 

When a customer arrives to sell his or her car, a CarMax 
associate armed with a mobile device can evaluate the 
vehicle in real-time without ever leaving the customer or 
the vehicle. The associate has access to all the information 
needed to provide an accurate appraisal via a mobile app. 
This creates a positive initial experience both for the cus- 
tomer and the associate. CarMax associates use their mobile 
devices and the same app to appraise vehicles at off-site 
auto auctions. This enables them to buy the best cars at the 
best prices so that CarMax can make them available to its 
customers. 

CarMax customers interested in getting an appraisal 
value for their vehicle can also submit their vehicle informa- 
tion online without having to come to a store. 

CarMax plans to add an app to support a loyalty pro- 
gram for car owners. This will help them maintain and 
replace auto parts and obtain roadside assistance. There will 
also be a wallet-like feature where customers can store their 
vehicle ID number and insurance information. 

CarMax has a strong program for onboarding infor- 
mation system new hires. Once new software developers 
arrive at CarMax, they attend Information Technology 
Academy. This academy is an eight-week program designed 


to jump-start their CarMax career. Here they learn about 
the primary technologies and tools as well as the software 
development process used at CarMax, thus laying a strong 
foundation for success in their new role. They also visit 
CarMax stores to observe first hand, different business pro- 
cesses and learn how CarMax information systems support 
employees and customers alike. This experience helps them 
to appreciate how their contributions will have a direct and 
significant impact on the organization’s ongoing success. 

At the end of the eight-week program, each graduate is 
assigned to a product team matching their skill set, interests, 
and aptitude. CarMax fuels the innovation process by 
creating multi-functional product teams consisting of up to 
10 people including a product manager, lead software devel- 
oper, and people from quality assurance and user design. 
The team is challenged to go after business objectives and 
key results such as how many leads they generate or how 
many prospect-to-customer conversions they deliver. It’s up 
to them to determine the best solution for each customer to 
meet their goals. Every two weeks, the product teams con- 
duct open houses that anyone can attend. A team member 
presents what the product team has accomplished against 
its business objectives. CarMax senior managers, including 
an occasional board of directors’ member, regularly attend 
these open houses. 


Critical Thinking Questions 


1. Would you classify the new auto appraisal system as 
operating in the personal, workgroup, enterprise, or 
interorganizational sphere of influence? Why? Identify 
key organizational complements CarMax needed to 
put in place to ensure that the new system would be 
successful. 

2. How do you think the CarMax IS organization is per- 
ceived by the rest of the organization? Support your 
opinion. 

3. Based on their use of multi-functional product teams, 
what personal traits, technical skills, and non-technical 
skills do you think CarMax looks for in its information 
systems new hires? 
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Principles 


Computer crime is a 
serious and rapidly growing 
area of concern requiring 
management attention. 


Organizations must 
take strong measures to 
ensure secure, private, 
and reliable computing 
experiences for their 
employees, customers, 
and business partners. 


Learning Objectives 


State four reasons why computer incidents have become so prevalent. 
Identify four classes of perpetrators mostly likely to initiate a cyberattack. 
Define the term attack vector. 

Identify at least three commonly used attack vectors. 

Identify five cyberthreats that pose a serious threat for organizations. 
Identify five consequences of a successful cyberattack. 

Identify five federal laws that address computer crime. 


Discuss how the CIA security triad can be implemented at the organizational, 
network, application, and end user levels to safeguard against cyberattacks. 


Conduct a security self-assessment of your own computer and usage habits. 


Identify eight steps that must be taken to perform a thorough security risk 
assessment. 


Describe five actions an organization must take in response to a successful 
cyberattack. 


Describe the role of a managed security service provider. 


Define the term computer forensics. 
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IS in Action 


Organizations Mishandle Data Breaches 


Æ SOCIAL AND ETHICAL ISSUES, DATA PROTECTION 


What do Yahoo, Uber, and Under Armour have in common? They all suffered massive 
data breaches in which hackers gained access to tens of millions of customers’ personal 
data—and then failed to disclose the breach in a timely fashion. The companies failed to 
disclose the breaches even though the state and federal laws require companies to alert 
people and government agencies when sensitive data breaches occur. In each case, the 
data breach resulted from a failure to apply software patches to fix known vulnerabilities, 
questionable allocation of information security resources, and poor management decision 
making. These companies are by no means the only ones to suffer large data breaches and 
then drag their feet in reporting it to officials and affected parties, but they are among the 
worst offenders and an examination of them can provide useful insights into the problem. 

Yahoo disclosed in December 2016 that one billion of its users’ accounts had been 
compromised in an August 2013 breach. In the breach, attackers accessed email addresses, 
passwords, birth dates, and other bits of personal information. A year later in November 
2017, Yahoo provided an alarming update—the incident had exposed three billion 
accounts—every single Yahoo account that existed at the time! Yahoo took over four 
years to discover and disclose the full extent of what is currently the largest data breach 
in history. (During this four-year span, Yahoo suffered another data breach in late 2014 
that impacted 500 million accounts. This data breach was not disclosed until September 
2016—some two years after the fact.) Verizon was in the process of acquiring Yahoo 
during this time and uncertainty over the legal ramifications of the data breach enabled 
it to negotiate a $350 million reduction in the price it would pay for Yahoo in the deal 
completed in June 2017. Yahoo shareholders brought a class action suit against the firm 
and were awarded $80 million in 2018. 

Uber, the popular ridesharing, food delivery, and transportation service company, 
announced in February 2015 that it had suffered a data breach in May 2014. The breach 
itself wasn’t discovered until September 2014 and affected some 50,000 of its drivers. The 
New York attorney general fined Uber $20,000 for failing to promptly disclose this data 
breach. Alarmingly, a second data breach occurred at Uber in October 2016 involving 
names, email addresses, and phone numbers of 50 million customers around the world. 
Company officials learned of the hack in November 2016 but failed to inform the New 
York attorney general and the Federal Trade Commission about this breach until November 
2017. Although Uber admits it had a legal obligation to report the hack to regulators, the 
company instead paid the hackers to delete the data and keep the breach quiet. 

Under Armour was hit with a data breach that impacted some 150 million users of its 
My Fitness Pal food and nutrition application. Usernames, passwords, and email addresses 
were compromised. The data was compromised sometime in February 2018 and users 
were notified several weeks later in late March. Shares of the firm dropped 4 percent on 
the news. 

Individuals whose data is compromised in a data breach have a need to know so 
that they can take prompt action to avoid potential negative consequences. Somewhere 
between 50 and 75 percent of U.S. Internet users use just one password on most of their 
online accounts. These online accounts include email, social media, financial institutions, 
Medicare, social security, health care organizations, and so on. Hackers know this fact and 
take advantage of this security gap to gain access to other Web sites you frequent in order 
to gather additional personal data. Hackers can use this data for identify theft or blackmail 
purposes, to obtain a credit card or take out a loan in your name, to file a false income tax 
return in your name, or to execute numerous other nefarious activities related to identity 
theft. As a result, organizations that fail to report a data breach promptly are seen by the 
public as acting irresponsibly and unethically. The reputation of such an organization 
suffers and it may lose many customers as a result. 
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As you read about secure information systems, consider the following: 


e What key trade-offs and ethical issues are associated with the safeguarding of data 
and information systems? 

e What are the key elements of a multilayer process for managing security 
vulnerabilities? 


Why Learn About Secure Information Systems? 


The security of data and information systems used in business is of utmost importance. Confidential busi- 
ness data and private customer and employee information must be safeguarded, and systems must be 
protected against malicious acts of theft or disruption. As we saw in the opening vignette, organizations 
we are familiar with have suffered serious data breaches. Other organizations that suffered serious data 
breaches in 2018 include retailer Saks, Lord & Taylor; the Sacramento Bee newspaper; ticketing company 
Ticketfly, bakery, café Panera Bread; the My Heritage genealogy platform; and marketing and data 
aggregation firm Exactis. Have you interacted with any of these organizations recently? 

Although the need for security is obvious, it must often be balanced against other business needs. 
Business managers, IS professionals, and IS users all face a number of complex trade-offs regarding IS 
security. They might use questions such as the following to evaluate those trade-offs: 

e How much effort and money should be spent to safeguard against computer crime? (In other words, 
how safe is safe enough?) 

e What should be done if recommended computer security safeguards make conducting business more 
difficult for customers and employees, resulting in lost sales and increased costs? 

e Ifa firm is a victim of a computer crime, should it pursue prosecution of the criminals at all costs, 
maintain a low profile to avoid the negative publicity, inform affected customers, or take some other 
action? 


The Threat Landscape re T 


The number of cybercrimes being committed against individuals, organizations, 
and governments continues to increase, and the destructive impact of these 
crimes is also intensifying. Some 50 percent of small to mid-sized organizations 
reported suffering at least one cyberattack during 2017.' Some estimate that 
the global cost of cybersecurity breaches will cost some $6 trillion by 2021, 
up from $3 trillion in 2015. This monetary loss makes the financial impact of 
cybercrime larger than the global financial trade of illegal drugs. 

The brands, reputation, and earnings of many organizations around the 
world have been negatively impacted by cybercrimes. To counteract cyber- 
crime, industry experts expect spending on cybersecurity products and services 
to exceed $1 trillion over the time period 2017-2022, with the average cost of 
cybersecurity measures per company in 2017 pegged at $11.7 million.’ 

Note the following alarming results from a recent survey of executives:‘ 


e 89 percent of respondents say their cybersecurity function does not fully 
meet their needs 

e 87 percent of respondents say they need up to 50 percent more 
cybersecurity budget 

e 77 percent of respondents consider a careless member of staff as the 
most likely source of attack 

e 75 percent of respondents rate the maturity of their vulnerability 
identification as very low to moderate 


Clearly, we have a lot of work to do to get cyberattacks under control. 
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bring your own device 

(BYOD): A business policy 

that permits, and in some cases 
encourages, employees to use their 
own mobile devices (smartphones, 
tablets, or laptops) to access company 
computing resources and applications. 


exploit: An attack on an information 
system that takes advantage of a 
particular system vulnerability. 
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Why Computer Incidents Are So Prevalent 


Computer incidents are prevalent for a variety of reasons. These reasons include 
increasing computing complexity, an increase in the prevalence of bring your 
own device (BYOD) policies, a growing reliance on software with known vul- 
nerabilities, and the increasing sophistication of those who would do harm. 
These reasons, which are discussed in the following sections, have caused a 
dramatic increase in the number, variety, and severity of security incidents. 


Increasing Complexity Increases Vulnerability 

The computing environment has become enormously complex. The Internet of 
Things, cloud computing, mobile devices, operating systems, applications, Web 
sites, switches, routers, and gateways are all interconnected and are driven by 
hundreds of millions of lines of code. This environment continues to increase in 
complexity every day and soon will include billions of communicating devices. 
The number of possible entry points to a network expands continually as more 
devices are added, further increasing the possibility of security breaches. 

In addition, organizations are constantly adding new applications, mod- 
ifying existing applications, and replacing older, legacy information systems. 
This constant change further increases the level of complexity and raises the 
vulnerability of the systems. 


Bring Your Own Device Policies 


Bring your own device (BYOD) is a business policy that permits, and in some 
cases encourages, employees to use their own mobile devices (smartphones, 
tablets, or laptops) to access company computing resources and applications. 
These resources and applications include email, corporate databases, the cor- 
porate intranet, and the Internet. Proponents of BYOD say the policy improves 
employee productivity by allowing workers to use devices with which they 
are already familiar—while also helping to create an image of a company as a 
flexible and progressive employer. However, this practice raises many potential 
security issues as it is highly likely that such devices are also used for non- 
work activity, such as browsing Web sites, blogging, shopping, and visiting 
social networks. This nonwork activity exposes the devices to malware much 
more frequently than a device that is used strictly for business purposes. (The 
malware may then be spread throughout the company.) In addition, BYOD 
makes it extremely difficult for IT organizations to adequately safeguard the 
wide range of portable devices with various operating systems and a myriad 
of applications. 


Use of Software with Known Vulnerabilities 


In computing, an exploit is an attack on an information system that takes 
advantage of a particular system vulnerability. Often this attack is made pos- 
sible due to poor system design or implementation. Once the vulnerability is 
discovered, software developers create and issue a “fix,” or patch, to eliminate 
the problem. Users of the system or application are responsible for obtaining 
and installing the patch, which they can usually download from the Web. 

Any delay in installing a patch exposes the system to a potential security 
breach. The need to install a fix to prevent a hacker from taking advantage of 
a known system vulnerability can create a time-management dilemma for sys- 
tem support personnel trying to balance a busy work schedule. For instance, 
should support personnel install a patch that, if left uninstalled, could lead to 
a security breach, or should they complete assigned project work so that the 
anticipated project savings and benefits from the project can begin to accrue 
on schedule? Note that the number of new software vulnerabilities identified 
in 2016 was 15,000—an average of 41 per day—as shown in Figure 2.1. 
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FIGURE 2.1 


Total number of new software 
vulnerabilities identified 
annually 


Source: Shaun Waterman, “Report: 
Discovery Rate of New Software 
Vulnerabilities Flattens,” Cyber Scoop, 
February 17, 2017, httos:/Avww.cyber 
scoop.com/risk-based-security-report- 
number-vulnerabilities-cve-cvss. 
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Clearly, it can be difficult to keep up with all the required patches to fix 
these vulnerabilities. Of special concern is a zero-day attack, which is an attack 
that takes place before the security community becomes aware of and fixes 
a security vulnerability. Zero-day attacks are rare—just eight were identified 
in 2016 and 49 were identified in 2017. Hackers employed a zero-day attack 
in 2017 on the consumer credit reporting bureau Equifax. This attack led to a 
data breach that exposed the names, addresses, social security numbers, and 
driver’s license numbers of over 143 individuals.’ 

While one would hope that the discoverer of a zero-day vulnerability would 
immediately inform the original software manufacturer so that a fix could be 
created for the problem, that is not always the case. In some cases, this knowl- 
edge is instead sold on the black market to cyberterrorists, governments, or 
large organizations that may then use it to launch their own cyberattacks. For 
example, a zero-day vulnerability that enabled hackers to gain admin rights 
to any Windows operating system computer from Windows 2000 to a current 
version of Windows 10 was offered for sale on the black market for $90,000.° 

U.S. companies increasingly rely on commercial software with known vul- 
nerabilities. Even when vulnerabilities are exposed, many corporate IT organi- 
zations continue to use already installed software as-is rather than implement 
security fixes. IT organizations often make this decision because the fixes will 
either make the software harder to use or eliminate “nice-to-have” features that 
will help sell the software to end users. 


Increasing Sophistication of Those Who Would Do Harm 


Previously, computer troublemakers were stereotyped as introverted “geeks” 
who were working independently and who were motivated by the desire to 
gain some degree of notoriety. These individuals were armed with specialized, 
but limited, knowledge of computers and networks and used rudimentary 
tools, perhaps downloaded from the Internet, to execute exploits. While such 
individuals still exist, today’s computer menace is much better organized and 
may be part of an organized group (such as Anonymous, Chaos Computer Club, 
Lizard Squad, TeslaTeam) that has an agenda and that targets specific orga- 
nizations and Web sites. Some of these groups have ample resources, includ- 
ing money and sophisticated tools, to support their efforts. Today’s computer 
attacker has the depth of knowledge, financial wherewithal, and expertise to 
get around computer and network security safeguards. 


Perpetrators Most Likely to Initiate a Cyberattack 


In 2017-2018, professional service firm Ernst & Young polled 1,735 global 
executives, information security managers, and IT leaders, and found that in 
descending order, careless insiders, cyber criminals, malicious employees, and 
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used to gain unauthorized access to a 
device or a network. 
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accessing your data until you meet 
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hacktivists were considered the most likely sources of a cyberattack. Currently, 
although the lone wolf and cyberterrorist receive a lot of publicity, they are not 
considered among the most serious sources of cyberattacks. 


TABLE 2.1 Classifying perpetrators of computer crime 


Type of perpetrator Description 


Careless insider An inside (employee, business partner, contractor, con- 
sultant) who does not follow the organization’s security 
polices and enables a cyberattack to occur 


Malicious employees An insider who deliberately attempts to gain access to 
and/or disrupt a company’s information systems and 
business operations 


Cybercriminal Someone who attacks a computer system or network for 
financial gain 

Hacktivist An individual who hacks computers or Web sites in 
order to promote a political ideology 


Lone wolf attacker Someone who violates computer or Internet security 
maliciously or for illegal personal gain 


Cyberterrorist State-sponsored individual or group who attempts to 
destroy the infrastructure components of governments, 
financial institutions, corporations, utilities, and 
emergency response units 


IBM found that 55-60 percent of all cyberattacks are initiated through the 
actions of insiders. These insiders include employees, business partners, clients, 
contractors, and consultants who have physical or remote access to a compa- 
ny’s assets. Careless (or untrained) insiders might not be acting with criminal 
intent but they might fail to follow your organization’s cybersecurity policies 
and do something foolish such as creating a weak password or opening an 
email attachment containing malware.’ 


Types of Attack Vectors 


Perpetrators of computer crimes use an attack vector to gain unauthorized 
access to a device or a network and to initiate a cyberattack. There are numer- 
ous types of attack vectors, some of which are summarized in Table 2.2. While 
we usually think of cyberattacks being aimed at computers, they are also being 
aimed at smartphones because smartphones store an array of personal identity 
information, including credit card numbers and bank account numbers. 


Cyberattacks That Pose Serious Threats 


Cyberattacks that pose serious threats are ransomware, distributed 
denial-of-service attacks, data breaches, cyberespionage, and cyberterrorism. 
These types of cyberattacks are serious due to either the frequency of these 
attacks or the potential damage they can inflict. 


Ransomware 


Ransomware is malware that stops you from using your computer or accessing 
the data on your computer until you meet certain demands, such as paying a 
ransom or, in some cases, sending compromising photos to the attacker. Pay- 
ment is frequently demanded in untraceable Bitcoin. While law enforcement 
agencies recommend not paying the ransom, some two-thirds of victims reason 
that the value of the encrypted data outweighs the cost of the ransom and so 
they pay the ransom.’ 
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TABLE 2.2 Various types of cyberattacks 


Attack type Description 


Advanced persistent 


threat 
Blended threat 


Phishing 


Rootkit 


Smishing 


Social engineering 


Spam 


Trojan horse 


Virus 


Vishing 


Worm 


A network attack in which an intruder gains access to a network and stays there—undetected— 
with the intention of stealing data over a long period of time. 


A sophisticated threat that combines the features of a virus, worm, Trojan horse, and other 
malicious code into a single payload. 


The act of fraudulently using email to try to get the recipient to reveal personal data. 


A set of programs that enables its user to gain administrator-level access to a computer without 
the end user’s consent or knowledge. Once installed, the attacker can gain full control of the 
system and even obscure the presence of the rootkit from legitimate system administrators. 


A variation of phishing that involves the use of texting. 


The use of deception to trick individuals into divulging data needed to gain access to an 
information system or network. 


The use of email systems to send unsolicited email to large numbers of people. 


A seemingly harmless program in which malicious code is hidden. A victim on the receiving 
end of a Trojan horse is usually tricked into opening it because it appears to be useful software 
from a legitimate source. 


A piece of programming code, usually disguised as something else, that causes a computer to 
behave in an unexpected and usually undesirable manner. 


Similar to smishing except that the victims receive a voice mail message telling them to call a 
phone number or access a Web site. 


A harmful program that resides in the active memory of the computer and duplicates itself. 
Worms differ from viruses in that they can propagate without human intervention, often 
sending copies of themselves to other computers by email. 


From 2016 to 2017, the number of ransomware attacks on U.S. businesses 
tripled from one attack every two minutes to one attack every 40 seconds. 
Attacks against individuals doubled from 1 every 20 seconds to 1 every 10 sec- 
onds. The average ransom demand is just over $1000. Among those who have 
paid ransom demands, 20% were never able to recover their files.° 

A computer can become infected with ransomware when a user opens 
an email attachment containing the malware or is lured to a compromised 
Web site by a deceptive email or pop-up window. However, most ransomware 
attacks take advantage of vulnerabilities in widely deployed software such as 
Microsoft’s Server Message Block (SMB). This is a network file sharing pro- 
tocol, to gain remote access to victim machines and execute the ransomware 
directly. It is not necessary to trick users with disguised payloads to initiate a 
ransomware attack. Once the malware has taken over, it encrypts some or all 
of the victim’s files. The files can then only be decrypted with a mathematical 
key known only to the attacker. Government agencies, medical facilities, and 
law firms are favorite ransomware targets as these organization often need 
immediate access to their files. 

Less than five percent of companies pay ransoms, electing instead to recover 
encrypted data from backup files. However, getting infected systems back up 
and running takes time and effort—nearly one-third of companies infected with 
ransomware suffer five days or longer without access. Each day without access 
runs up costs in lost business and damages due to downtime. Experts estimate 
that global ransomware costs due to lost business and damages exceeded 
$5 billion in 2017.!° 

The city of Atlanta was hit with a ransomware attack in March 2018 that 
disabled over 40 programs of the city’s mission critical apps, including those 
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controlled from one or more remote 
locations by hackers without the 
knowledge or consent of their owners. 
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release of sensitive data or the access 
of sensitive data by unauthorized 
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used by the court system and police. As a result of this attack, residents could 
not pay their water bills or pay parking tickets, and police and other city 
workers had to write out their reports manually. In addition, court proceedings 
for people not in custody had to be cancelled until the systems were up and 
running again, and years of police dashcam data were lost, making it more 
difficult to prosecute some criminal cases.'! City officials decided not to pay 
the $51,000 ransom but were still working to recover from the attack three 
months later. It is estimated that the city will spend over $10 million to recover 
from the attack.” 


Distributed Denial-of-Service Attacks 

A distributed denial-of-service (DDoS) attack is one in which a malicious 
hacker takes over computers via the Internet and causes them to flood a tar- 
get site with demands for data and other small tasks. A DDoS attack does not 
involve infiltration of the targeted system. Instead, it keeps the target so busy 
responding to a stream of automated requests that legitimate users cannot get 
in—the Internet equivalent of dialing a telephone number repeatedly so that 
all other callers hear a busy signal. The targeted machine essentially holds the 
line open while waiting for a reply that never comes; eventually, the requests 
exhaust all resources of the target. 

The software required to initiate a DDoS is simple to use, and many DDoS 
tools are readily available at a variety of hacker sites. In a DDoS attack, a tiny 
program is downloaded surreptitiously from the attacker’s computer to dozens, 
hundreds, or even thousands of computers all over the world. The term botnet 
is used to describe a large group of such computers, which are controlled from 
one or more remote locations by hackers, without the knowledge or consent 
of their legitimate owners. The collective processing capacity of some botnets 
exceeds that of the world’s most powerful supercomputers. Based on a com- 
mand by the attacker or at a preset time, the botnet computers (called zombies) 
go into action, each sending a simple request for access to the target site again 
and again—dozens of times per second. The target computers become so over- 
whelmed by requests for service that legitimate users are unable to get through 
to the target computer. 

There were 7.5 million DDoS attacks worldwide in 2017. Victims of DDoS 
attacks reported a financial impact in the range of $10,000-$100,000 coming 
from damage to reputation and operational expenses." 

GitHub, a Web site where some 28 million people go to develop software, 
suffered perhaps the largest ever DDoS attack with over 1.35 terabytes (one 
million multiplied by a million bytes) of requests per second. However, the 
Web site was well prepared for such an attack and only experienced about 
10 minutes of unavailability in February 2018." 


Data Breach 


A data breach is the unintended release of sensitive data or the access of 
sensitive data by unauthorized individuals, often resulting in identify theft. 
Figure 2.2 illustrates the number of people who had personal identification 
information compromised in the six largest U.S. data breaches. 

The number of U.S. data breaches in 2017 hit a record high of 1,575—a 
44 percent increase over 2016.5 The numbers for government and industry 
sectors where data breaches occurred are identified in Figure 2.3. Data breaches 
are considered a serious threat due to their relatively high frequency of occur- 
rence and the large number of people affected. 

Not only are the individuals whose data is compromised in a data breach 
put at risk of identity theft or blackmail, but also the shareholders of an orga- 
nization hit with a data breach can be impacted by a decline in the valuation 
of the firm that follows publication of the incident. They can lose money if 
they need to sell the stock or if the hacked organization is being considered for 
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FIGURE 2.2 


Six largest data breaches in 
the United States 


Source: Taylor Armerding, “The 17 biggest 
data breaches of the 21st century,” CSO 
Online, January 26, 2018, https://www 
.csoonline. com/article/2 13087 7/data- 
breach/the-biggest-data-breaches-of-the- 
21st-century.html. 


FIGURE 2.3 


Data breaches in government 
and industrial sectors in 2017 


Source: “The Reality of Data Breaches,” 
https.://breachlevelindex.com/assets/ 
Breach-Level-Index-Infographic-20 17- 
Gemalto- 1500. jpg, accessed July 17, 2018. 
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potential acquisition by another firm. Consumer credit reporting agency Equifax 
suffered a data breach in which over 143 million consumers personal data was 
compromised. Its stock price fell over 30 percent following announcement of 
the data breach—from a high of around $141/share to a low of $94/share in 
a period of just a week." As stated earlier in the chapter, Verizon was able to 
negotiate a $350 million reduction in the acquisition of Yahoo when it became 
known that it had suffered the biggest data breach in U.S. history. 


Cyberespionage 

Cyberespionage involves the deployment of malware that secretly steals data 
in the computer systems of organizations. These organizations include govern- 
ment agencies, military contractors, political organizations, and manufacturing 
firms. The type of data most frequently targeted includes data that can provide 
an unfair competitive advantage to the perpetrator. This data is typically not 
public knowledge and may even be protected via patent, copyright, or trade 
secret. High-value data includes the following: 


e Sales, marketing, and new product development plans, schedules, and 
budgets 
e Details about product designs and innovative processes 
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e Nonpublic information about mergers, acquisitions, and investment deals 
e Employees’ personal information 

e Customer and client data 

e Sensitive information about partners and partner agreements 


Tensions have long simmered between China and the United States over 
alleged cyberespionage attacks. United States experts claim cyberespionage 
has helped China to accelerate the research and development process and 
cut years off the time for that country to acquire new technology in a variety 
of industries. Alleged targets have included aluminum and steel producers, a 
company that designs nuclear power plants, a solar panel manufacturer, and an 
aircraft manufacturer. Meanwhile, China’s Foreign Ministry portrays the United 
States as a hypocrite that engages in cyberespionage by conducting cybertheft, 
wiretapping, and surveillance activities against Chinese governmental 
departments, companies, and universities. 

After years of discussion and behind the scenes efforts, President Obama 
and Chinese President Xi Jinping announced in September 2015 that the two 
nations had agreed to initial norms of cyberactivities with the two nations 
pledging each will avoid conducting cybertheft of intellectual property for 
commercial gain.'”'* Cybersecurity experts stated that Chinese cyber espionage 
operations aimed at stealing trade secrets, intellectual property, and other con- 
fidential business information substantially declined following this agreement. 
However, by May 2017, FireEye (a provider of advanced computer security 
services) detected a phishing campaign initiated by Chinese groups targeting 
at least seven global law and investment firms in an attempt to access valu- 
able information on transactions such as mergers, acquisitions, and investment 
deals. The attacks were associated with a group of hackers, with some degree 
of sponsorship by the Chinese government.” 


Cyberterrorism 

Cyberterrorism is the intimidation of government or civilian population by 
using information technology to disable critical national infrastructure (e.g., 
energy, transportation, financial, law enforcement, emergency response, 
and healthcare systems) to achieve political, religious, or ideological goals. 
Cyberterrorism is an increasing concern for countries and organizations 
around the globe. 

In September 2017, in a statement before the Senate Homeland Security 
and Government Affairs Committee, FBI director Christopher Wray proclaimed: 
“Preventing terrorist attacks remains the FBI’s top priority. The terrorist threat 
against the United States remains persistent and acute. From a threat perspec- 
tive, we are concerned with three areas in particular: (1) those who are inspired 
by terrorist propaganda and act out in support; (2) those who are enabled to 
act after gaining inspiration from extremist propaganda and communicating 
with members of foreign terrorist organizations who provide guidance on 
operational planning or targets; and (3) those who are directed by members 
of foreign terrorist organizations to commit specific, directed acts in support 
of the group’s ideology or cause.””° The FBI is warning private industry to be 
prepared for an environment where multiple attacks can come from a variety 
of sources, often simultaneously and always with an intent to do damage. 

In February 2018, Senate Select Committee on Intelligence hearing, Daniel 
Coates, director of national intelligence stated: “Frankly, the United States is 
under attack—under attack by entities that are using cyber to penetrate virtu- 
ally every major action that takes place in the United States. From U.S. busi- 
nesses, to the federal government, to state and local governments, the United 
States is threatened by cyberattacks every day.” He highlighted Russia, China, 
Iran, and North Korea as the greatest cyber threats, but stated that others use 
cyber operations to achieve strategic and malign objectives.” 
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department of homeland 
security (DHS): A large federal 
agency with more than 240,000 
employees and a budget of almost 
$65 billion whose goal is to provide for 
a “safer, more secure America, which 
is resilient against terrorism and other 
potential threats.” 


U.S. computer emergency 
readiness team (US-CERT): A 
partnership between the Department 
of Homeland Security and the public 
and private sectors; established to 
provide timely handling of security 
incidents as well as conducting 
improved analysis of such incidents. 


The Department of Homeland Security (DHS) is a large federal agency 
with more than 240,000 employees and a budget of almost $65 billion whose 
goal is to provide for a “safer, more secure America, which is resilient against 
terrorism and other potential threats.” The agency was formed in 2002 when 
22 different federal departments and agencies were combined into a unified, 
integrated cabinet agency.” The agency’s Office of Cybersecurity and Com- 
munications resides within the National Protection and Programs Directorate 
and is responsible for enhancing the security, resilience, and reliability of U.S. 
cyber and communications infrastructure. It works to prevent or minimize 
disruptions to critical information infrastructure in order to protect the public, 
the economy, and government services.” 

The Department of Homeland Security Web site (www.dhs.gov) provides 
a link that enables users to report cyber incidents. Incident reports go to the 
US-CERT Incident Reporting System, which assists analysts of the U.S. Computer 
Emergency Readiness Team (US-CERT) (a partnership between the Depart- 
ment of Homeland Security and the public and private sectors) in providing 
timely handling of security incidents as well as in conducting improved analysis 
of such incidents.” Established in 2003 to protect the nation’s Internet infrastruc- 
ture against cyberattacks, US-CERT serves as a clearinghouse for information on 
new viruses, worms, and other computer security topics. 

According to the Department of Homeland Security, Russia has attempted 
to infiltrate key U.S. infrastructure targets in the aviation, energy, manufactur- 
ing, nuclear, and water sectors since March 2016. Access was attempted by 
initially targeting small third-party networks that were less secure. In his book 
Lights Out, broadcast journalist Ted Koppel discusses the potential for a suc- 
cessful cyberterrorist attack on the United States power grid and its devasting 
impact—tens of millions of people without the power required for running 
water, sewage disposal, refrigeration, and lighting. Heating and air condition- 
ing units, life-saving hospital equipment, cell phone towers, traffic lights—all 
would be without the power needed to operate for weeks or even months. 

In July 2018, 12 officers within Russia’s Main Intelligence Directorate of 
the General Staff were indicted for allegedly hacking into various Democratic 
Party computers, releasing tens of thousands of stolen emails and documents, 
and attempting to gain control of the email accounts of people associated 
with the 2016 Hilary Clinton campaign. In addition, around July 2016, Russian 
intelligence officers hacked into the Illinois state board of elections Web site 
and stole information related to approximately 500,000 voters. There is no 
evidence that the actual vote count was tampered with.” 


Consequences of a Successful Cyberattack 


The impact of a successful cyberattack can be serious and long lasting. There 
are five broad areas of impact, as illustrated in Figure 2.4 and discussed below. 
The image of the iceberg is appropriate for this discussion because most people 
only think of the direct impact of a successful cyberattack and do not consider 
all the other oft-hidden effects: 


Direct impact This is the value of the assets (cash, inventory, equipment, patents, 
copyrights, trade secrets, data) stolen or damaged due to the cyberattack. 
Shareholders of the organizations will also experience a direct impact from the 
drop in the share price that typically follows a major cyberattack. 


Business disruption A successful cyberattack may make it impossible for the orga- 
nization to operate in an effective manner for several hours or days. This can 
cause a loss of existing business and customers as well as the loss of potential new 
business and customers. In addition, resources may be diverted from their regular 
duties to scramble to operate some sort of back-up procedures that enables essen- 
tial business processes to continue—albeit at a lower level of efficiency. 
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FIGURE 2.4 
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Recovery cost It may take people from the IS organization and business 
areas days or weeks to repair affected systems and recover lost or compromised 
data. Resources will need to be drawn from their normal work responsibilities 
to perform a post-incident analysis to identify the scope, cause, and impact of 
the cyberattack and to determine measures to prevent a reoccurrence. 

Legal consequences There is the prospect of monetary penalties for busi- 
nesses that fail to comply with data protection legislation. For example, the 
European Union General Data Protection Regulation (GDPR) has established 
strong guidelines for how organizations process and handle data so that the 
personal information of individuals is protected. Organizations that violate 
these guidelines can be fined 20 million euros ($23 million U.S. dollars), or 
4 percent of global annual revenue—whichever is greater. In addition, con- 
sumers are almost certain to initiate lawsuits to recover any damages incurred 
from the cyberattack. Many organizations that suffer a cyberattack that com- 
promises the personal data of employees, customers, or patients provide one 
or two years of identity theft insurance or consumer credit monitoring for 
those impacted. At a cost of $20 or so per month multiplied by the number of 
individuals affected, this bill can be quite expensive. 

Reputation damage A successful cyberattack can erode the trust your 
organization has established with your customers, suppliers, business part- 
ners, and shareholders. This damage to your organization’s reputation leads 
to a devaluation of the products and services of your organization resulting in 
a drop in stock price, loss of customers, supplier turnover, strained business 
partner relationships, and ultimately, a loss of sales and decrease in profits. 


Federal Laws for Prosecuting Computer Attacks 


Over the years, the United States Congress has enacted multiple laws to 
help prosecute those responsible for computer-related crime; these laws are 
summarized in Table 2.3. For example, Section 814 of the USA Patriot Act 
defines cyberterrorism as any hacking attempts designed to gain unautho- 
rized access to a protected computer, which, if successful, would cause a 
person an aggregate loss greater than $5,000; adversely affect someone’s 
medical examination, diagnosis, or treatment; cause a person to be injured; 
cause a threat to public health or safety; or cause damage to a governmental 
computer that is used as a tool to administer justice, national defense, or 
national security.” Those convicted of cyberterrorism are subject to a prison 
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term of 5-20 years. (The $5,000 threshold is quite easy to exceed, and, as a 
result, many young people who have been involved in what they consider to 
be minor computer pranks have found themselves meeting the criteria to be 
tried as cyberterrorists.) 


TABLE 2.3 Federal laws that address computer crime 


Federal Law Subject Area 


Computer Fraud and Abuse Act (U.S. 


Code Title 18, Section 1030) 


Fraud and Related Activity in Con- 
nection with Access Devices Statute 
(U.S. Code Title 18, Section 1029) 


Identity Theft and Assumption 
Deterrence Act (U.S. Code Title 18, 
Section 1028) 


Stored Wire and Electronic Commu- 
nications and Transactional Records 
Access Statutes (U.S. Code Title 18, 
Chapter 121) 


USA Patriot Act 


Critical 
Thinking 
Exercise 


Addresses fraud and related activities in association with computers, including 
the following: 


e Accessing a computer without authorization or exceeding authorized access 
e Transmitting a program, code, or command that causes harm to a computer 
e Trafficking of computer passwords 

e 


Threatening to cause damage to a protected computer 


Covers false claims regarding unauthorized use of credit cards 


Makes identity theft a federal crime, with penalties of up to 15 years of 
imprisonment and a maximum fine of $250,000 


Focuses on unlawful access to stored communications to obtain, alter, or 
prevent authorized access to a wire or electronic communication while it is in 
electronic storage 


Defines cyberterrorism and associated penalties 


University Under Attack! 
æ DECISION MAKING, DATA PROTECTION 


Your university has been hit by a ransomware cyberattack. Student academic and 
financial records, faculty and administrative personnel information, and payroll 
records are all illegally encrypted and now inaccessible to legitimate users. A ran- 
som of $50,000 must be paid in the next two days for the university to receive the 
encryption key that will unlock the data. An emergency team has been called to 
decide what to do. 


Review Questions 

1. What are the odds that even if the university pays the ransom that it will be 
able to recover this data? 

2. What other options does the university have to recover this data? 


Critical Thinking Questions 

1. Develop a scenario under which it would be advisable for the university to pay 
this ransom. 

2. How would you recommend that the university respond to this request? Why? 


Now that we have discussed the reasons cyberattacks are increasing, the 
perpetrators most likely to initiate a cyberattack, the cyberattacks that pose 
serious threats, the consequences of a successful cyberattack, and the laws 
under which perpetrators can be prosecuted, we will discuss how organi- 
zations can take steps to implement a multilayer security strategy to thwart 
cyberattacks. 
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The CIA Security Triad 3 a 


The IT security teams of organizations worldwide focus on ensuring confidenti- 
ality, maintaining integrity, and guaranteeing the availability of systems and data. 
Confidentiality ensures that only those individuals with the proper authority can 
access sensitive data such as employee personal data, customer and product sales 
data, new product development plans, and marketing strategies. Integrity ensures 
that data can be changed only by authorized individuals so that the accuracy, 
the consistency, and the trustworthiness of the data are guaranteed. Availability 
ensures that the data can be accessed when and where needed, including during 
times of disaster recovery operations. A widely held but difficult-to-achieve stan- 
dard of availability for a system or product is known as “five 9s” or 99.999 
percent availability. For an operation that runs 365 days per year, 24 hours per 
day this translates to less than one hour of unavailability per year. Confidentiality, 

CIA security triad: Confidentiality, integrity, and availability are referred to as the CIA security triad. 

integrity, and availability form the basis Although no organization can ever be completely secure from attack, a 

ofthe ClAseguny mad: layered security solution makes cyberattacks so difficult that an attacker eventu- 
ally gives up or is detected before much harm is inflicted. In a layered solution, 
if an attacker breaks through one layer of security, another layer must then 
be overcome. Security measures must be planned for, designed, implemented, 
tested, and maintained at the organizational, network, application, and end-user 
layers to achieve true CIA security (see Figure 2.5). These layers of protective 
measures are explained in more detail in the following sections. 


Distributed denial-of-service 


Cyberterrorism Ransomware 


Organizational 
Network 
Application 


End user 


Organizational 
Assets 


Cyberespionage Data breach 


FIGURE 2.5 


A multi-layered security 


solution Other attacks 


Implementing CIA at the Organizational Level 


Implementing CIA begins at the organizational level with the definition of an 
overall security strategy, performance of a risk assessment, laying out plans 
for disaster recovery, setting security policies, conducting security audits, 
ensuring regulatory standards compliance, and creating a security dashboard. 
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risk assessment: The process of 
assessing security-related risks to an 
organization’s computers and networks 
from both internal and external threats. 


Completion of these tasks at the organizational level will set a sound founda- 
tion and clear direction for future CIA-related actions. 


Security Strategy 


Implementing CIA security at the organizational level requires a risk-based 
security strategy with an active governance process to minimize the potential 
impact of any security incident and to ensure business continuity in the event 
of a cyberattack. Creating such a strategy typically begins with performing 
a risk assessment to identify and prioritize the threats that the organization 
faces. The security strategy must define a disaster recovery plan that ensures 
the availability of key data and information technology assets. Security policies 
guide employees to follow recommended processes and practices to avoid 
security-related problems. 

Periodic security audits are needed to ensure that individuals are follow- 
ing established policies and to assess if the policies are still adequate even 
under changing conditions. In addition to complying with its internal policies, 
an organization may also need to comply with standards defined by external 
parties, including regulatory agencies. Many organizations employ a security 
dashboard to help track the key performance indicators of their security strat- 
egy. The various components of the security strategy are discussed in the 
following subsections. 


Risk Assessment 


Risk assessment is the process of assessing security-related risks to an orga- 
nization’s computers and networks from both internal and external threats. 
Such threats can prevent an organization from meeting its key business objec- 
tives. The goal of risk assessment is to identify which investments of time and 
resources will best protect the organization from its most likely and serious 
threats. In the context of an IT risk assessment, an asset is any hardware, 
software, information system, network, or database that is used by the orga- 
nization to achieve its business objectives. A loss event is any occurrence that 
has a negative impact on an asset. Examples of loss events include a computer 
contracting a virus or a Web site undergoing a DDoS attack. 
The steps in a general security risk assessment process are as follows: 


e Step 1—Identify the set of IT assets about which the organization is most 
concerned. Priority is typically given to those assets that support the 
organization’s mission and the meeting of its primary business goals. 

e Step 2—Identify the loss events or the risks or threats that could occur, 
such as a DDoS attack or insider fraud. 

e Step 3—Assess the frequency of events or the likelihood of each poten- 
tial threat; some threats, such as insider fraud, are more likely to occur 
than others. 

e Step 4—Determine the impact of each threat occurring. Would the threat 
have a minor impact on the organization, or could it keep the organiza- 
tion from carrying out its mission for a lengthy period of time? 

e Step 5—Determine how each threat can be mitigated so that it becomes 
much less likely to occur or, if it does occur, has less of an impact on the 
organization. For example, installing virus protection on all computers 
makes it much less likely that a computer will contract a virus. Due to 
time and resource limitations, most organizations choose to focus on just 
those threats that have a high (relative to all other threats) probability 
of occurrence and a high (relative to all other threats) impact. In other 
words, first address those threats that are likely to occur and that would 
have a high negative impact on the organization. 

e Step 6—Assess the feasibility of implementing the mitigation options. 

e Step 7—Perform a cost-benefit analysis to ensure that your efforts will be 
cost effective. No amount of resources can guarantee a perfect security 
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reasonable assurance: The 
recognition that managers must use 
their judgment to ensure that the 

cost of control does not exceed the 
system’s benefits or the risks involved. 
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system, so organizations must balance the risk of a security breach with 
the cost of preventing one. The concept of reasonable assurance in 
connection with IT security recognizes that managers must use their 
judgment to ensure that the cost of control does not exceed the system’s 
benefits or the risks involved. 

e Step 8—Make the decision on whether or not to implement a particular 
countermeasure. If you decide against implementing a particular counter- 
measure, you need to reassess if the threat is truly serious and, if so, 
identify a less costly countermeasure. 


The general security risk assessment process—and the results of that process— 
will vary by organization. Table 2.4 illustrates a risk assessment for a hypothet- 
ical organization. The estimated cost includes the cost of the direct impact, the 
business disruption, the recovery efforts, and the legal and reputational damage. 


TABLE 2.4 Risk assessment for a hypothetical company 


Business 
objective 
threatened 


Adverse event 


Data breach Provide safe, 


of customer secure Web 
account data site consumers 
can trust 


Distributed 
denial-of- 
service (DDoS) 
attack 


Email attach- 
ment with 
harmful worm 


Harmful virus 


24/7 operation 
of a retail Web 
site 


Rapid and reli- 
able communi- 
cations among 
employees and 
suppliers 


Employees’ use 


of personal 
productivity 
software 


Reliable cash 
flow 


Invoice and 
payment fraud 


disaster recovery plan: 

A documented process for recovering 
an organization’s business information 
system assets—including hardware, 
software, data, networks, and 
facilities—in the event of a disaster 
such as a flood, fire, or electrical 
outage. 


business continuity plan: 

A document that includes an 
organization’s disaster recovery plan, 
occupant emergency evacuation 

plan, continuity of operations plan, and 
an incident management plan. 


Threat Vulnerability Estimated Relative 
(estimated (likelihood cost of a Risk = Threat < priority 
frequency of success of | successful Vulnerability X to be 
of event) this threat) attack Estimated cost mitigated 
18 per year 3% $5,000,000 $2,700,000 îl 
3 per year 25% $500,000 $375,000 2 
1,000 per 0.05% $200,000 $100,000 3 
year 

2,000 per 0.04% $50,000 $40,000 4 
year 

1 per year 10% $200,000 $20,000 5 


A completed risk assessment identifies the most dangerous threats to a 
company and helps focus security efforts on the areas of highest payoff. 


Disaster Recovery 
Data availability requires implementing products, services, policies, and pro- 
cedures that ensure that data is accessible even during disaster recovery oper- 
ations. To accomplish this goal, organizations typically implement a disaster 
recovery plan. This plan is a documented process for recovering an orga- 
nization’s business information system assets—including hardware, software, 
data, networks, and facilities—in the event of a disaster such as a flood, fire, 
or electrical outage. A disaster recovery plan should be a component of an 
organization’s overall business continuity plan, which should also include 
an occupant emergency evacuation plan, a continuity of operations plan, and 
an incident management plan. 

A disaster recovery plan focuses on technology recovery and identifies the 
people or the teams responsible in the event of a disaster, what exactly these 
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mission-critical processes: 
Business processes that are essential 
to continued operations and goal 
attainment. 


failover: Another approach to 
backup when a key component is no 
longer functioning; applications and 
other programs are automatically 
switched over to a redundant server, 
network, or database to prevent an 
interruption of service. 


security policy: Defines an 

organization’s security requirements, 
as well as the controls and sanctions 
needed to meet those requirements. 


people will do when a disaster strikes, and the information system resources 
required to support critical business processes. Disasters can be natural (e.g., 
earthquake, fire, flood) or manmade (e.g., accident, civil unrest, terrorism). 
When developing a disaster recovery plan, organizations should think in terms 
of not being able to gain access to their normal place of business for an 
extended period of time, possibly up to several months. 

As part of defining a business continuity plan, an organization should conduct 
a business impact analysis to identify critical business processes and the resources 
that support them. The recovery time for an information system resource should 
match the recovery time objective for the most critical business processes that 
depend on that resource. Some business processes are more essential to con- 
tinued operations and goal attainment than others. These processes are called 
mission-critical processes. Quickly recovering data and operations for these 
mission-critical processes can make the difference between failure and survival 
for an organization. If your billing system doesn’t work and you can’t send out 
invoices, your company is at risk of going out of business due to cash flow issues. 

Files and databases can be protected by making a copy of all files and data- 
bases changed during the last few days or the last week, a technique called incre- 
mental backup. This approach to backup uses an image log, which is a separate 
file that contains only changes to applications or data. Whenever an application 
is run, an image log is created that contains all changes made to all files. If a 
problem occurs with a database, an old database with the last full backup of 
the data, along with the image log, can be used to recreate the current database. 

Organizations can also hire outside companies to help them perform 
disaster planning and recovery. EMC, for example, offers data backup in its 
RecoverPoint product.” For individuals and some applications, backup copies 
of important files can be placed on the Internet. 

Failover is another approach to backup. When a server, network, or data- 
base fails or is no longer functioning, failover automatically switches applications 
and other programs to a redundant or replicated server, network, or database to 
prevent an interruption of service. SteelEye’s Lifekeeper and Application Con- 
tinuous Availability by NeverFail are examples of failover software.” Failover 
is especially important for applications that must be operational at all times. 

It is imperative that a disaster plan be practiced, and improvements made 
to the plan based on the results of the test. Unfortunately, many organizations 
have either never tested their organization’s disaster recovery solution or have 
no idea exactly when it was last tested. One reasonable approach to testing 
is to simulate a disaster for a single critical portion (e.g., order processing or 
customer billing) of your business during a time of low business activity. The 
next disaster plan test should then target a different area of the business. 


Security Policies 

A security policy defines an organization’s security requirements, as well as 
the controls and sanctions needed to meet those requirements. A good security 
policy delineates responsibilities and the behavior expected of members of the 
organization. A security policy outlines what needs to be done but not how 
to do it. The details of how to accomplish the goals of the policy are typically 
provided in separate documents and procedure guidelines. 

The SANS (SysAdmin, Audit, Network, Security) Institute’s Web site (www 
.Sans.org) offers several security-related policy templates that can help an orga- 
nization to quickly develop effective security policies. The templates and other 
security policy information can be found at www.sans.org/security-resources/ 
policies and provide guidelines for creating various policies, including accept- 
able use policy, email policy, password protection policy, remote access policy, 
and software installation policy. 

Experienced IT managers understand that users will often attempt to 
circumvent security policies or simply ignore them altogether. Because of 
that, automated system rules should mirror an organization’s written policies 
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security audit: A process that 
enables the organization to identify 
its potential threats, establish a 
benchmark of where it is, determine 
where it needs to be, and develop a 
plan to meet those needs. 
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whenever possible. Automated system rules can often be put into practice using 
the configuration options in a software program. For example, if a written pol- 
icy states that passwords be a minimum of 13 characters, include at least one 
number, one capital letter, and one special character, then all systems should 
be configured to enforce this policy automatically. Users should not be able to 
create weak passwords. 

System administrators must also be vigilant about changing the default 
usernames and passwords for specific devices when they are added to an 
organization’s network. Cybercriminals and others looking to access the net- 
works of various organizations can easily find information online regarding 
the default username and password combinations for many vendors’ products. 
A hacker was able to gain access to sensitive military documents about how 
to service the super classified MQ-9 Reaper drone, the deployment tactics 
for IEDs, and an M1 ABRAMS tank operations manual because the default 
password for several network routers was never changed.*! 

A growing area of concern for security experts is the use of wireless devices 
to access corporate email, store confidential data, and run critical applications, 
such as inventory management and sales force automation. Mobile devices 
such as smartphones can be susceptible to viruses and worms. However, the 
primary security threat for mobile devices continues to be loss or theft of the 
device. Wary companies have begun to include special security requirements 
for mobile devices as part of their security policies. In some cases, users of 
laptops and mobile devices must use a virtual private network (a method 
employing encryption to provide secure access to a remote computer over the 
Internet) to gain access to their corporate network. 


Security Audits 

Another important prevention tool is a security audit that enables the orga- 
nization to identify its potential threats, establish a benchmark of where it 
is, determine where it needs to be, and develop a plan to meet those needs. 
Management should insist on thorough annual security audits using objective, 
experienced resources from outside the organization. In some cases, they have 
no choice in conducting an external audit. Financial institutions, for example, 
are required to have external auditors certify compliance with regulations such 
as the Gramm-Leach-Bliley Act (GLBA). Potential partners or customers may 
insist on seeing the results of a security audit before they do business with 
your company and put their own assets at risk. 

The audit should examine if security policies are being followed. For exam- 
ple, if a policy says that all users must change their passwords every 30 days, the 
audit must check how well that policy is being implemented. The audit should 
also review who has access to key systems and data and what level of author- 
ity each user has. It is not unusual for an audit to reveal that too many people 
have access to critical data and that many people have capabilities beyond those 
needed to perform their jobs. One result of a good audit is a list of items that 
need to be addressed to ensure that security policies are being met. 

A thorough security audit should also test system safeguards to ensure 
that they are operating as intended. Such tests might include trying the default 
system passwords that are active when software is first received from the ven- 
dor. The goal of such a test is to ensure that all such known passwords have 
been changed. 

Some organizations will also perform a penetration test of their defenses. 
This entails assigning individuals to try to break through the measures and 
identify vulnerabilities that still need to be addressed. The individuals used for 
this test are knowledgeable and are likely to take unique approaches in testing 
the security measures. 

In many cases, an organization will conduct additional security audits using 
its own resources to ensure that the recommendation made based on previous 
audits have been implemented. 
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Regulatory Standards Compliance 

In addition to the requirement to comply with your own security program, 
your organization may also be required to comply with one or more standards 
defined by external parties. In that case, your organization’s security program 
must include a definition of what those standards are and how the organization 
will comply. Regulatory standards that might affect your organization include 
those shown in Table 2.5. 


TABLE 2.5 Additional standards your organization may be required to meet 


Act or standard 


Bank Secrecy Act (Public 
Law 91-507)—Amended 
several times, including by 
provisions in Title III of 

the USA PATRIOT Act 

(see 31 USC § 5311-5330 
and Title 31 Code of Federal 
Regulations) 


European Union-United 
States Privacy Shield 


Federal Information 
Security Management Act 
(44 U.S.C. § 3541, et seq.) 


Foreign Corrupt Practices 
Act (15 U.S.C. § 78dd-1, 
et seq.) 


Gramm-Leach-Bliley 
Act (GLBA) (Public Law 
106-102) 


Health Insurance Portability 
and Accountability Act 
(Public Law 104-191) 


Payment Card Industry Data 
Security Standard (PCI-DSS) 


Sarbanes-Oxley Act (Public 
Law 107-204 116 Stat. 745) 


Who must meet this standard 


Financial institutions 


Organizations that do business with companies 
and/or individuals in the European Union 


Every federal agency 


Any person who is a citizen, national, or resi- 
dent of the United States and engages in foreign 
corrupt practices; also applies to any act by U.S. 
businesses, foreign corporations trading securi- 
ties in the United States, American nationals, U.S 
citizens, and U.S. residents acting in furtherance 
of a foreign corrupt practice whether or not 
they are physically present in the United States 


Companies that offer financial products or ser- 
vices to individuals, such as loans, insurance, or 
financial and investment advice 


Health-care clearinghouses, employer-sponsored 
health plans, health insurers, and medical 
service providers 


All organizations that store, process, and trans- 
mit cardholder data, most notably for debit 
cards and credit cards. 


All public corporations 


Subject matter 


Requires financial institutions in 
the United States to assist U.S. gov- 
ernment agencies in detecting and 
preventing money laundering 


Provides companies on both sides 
of the Atlantic with a mechanism 
to comply with EU data protection 
requirements when transferring 
personal data from the European 
Union to the United States in sup- 
port of transatlantic commerce 


Requires each federal agency to 
provide information security for 
the data and information systems 
that support the agency’s opera- 
tions and assets, including those 
provided or managed by another 
agency, contractor, or other source 


Makes certain payments to foreign 
officials and other foreign persons 
illegal and requires companies to 
maintain accurate records 


Governs the collection, disclosure, 
and protection of consumers’ non- 
public personal information or per- 
sonally identifiable information 


Regulates the use and disclosure of 
an individual’s health information 


Provides a framework of specifi- 
cations, tools, measurements, and 
support resources to help organi- 
zations ensure the safe handling of 
cardholder information 


Protects shareholders and the gen- 
eral public from accounting errors 
and fraudulent practices in the 
enterprise 
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Security Dashboard 

Many organizations use security dashboard software to provide a compre- 
hensive display of all key performance indicators related to an organization’s 
security defenses, including threats, exposures, policy compliance, and incident 
alerts. The purpose of a security dashboard is to reduce the effort required 
to monitor and identify threats in time to take action. Data that appears in 
a security dashboard can come from a variety of sources, including secu- 
rity audits, firewalls, applications, servers, and other hardware and software 
devices. Figure 2.6 shows an example of a security dashboard. 


Organizational Security Dashboard 

# | Key performance indicator Goal | Actual | Status 
1 | Number of separation-of-duty violations 0 2 

2 | Number of users with weak, noncompliant passwords <5 4 

3 | Percentage of critical IT assets that passed penetration tests >96% 93% 

4 | Backlog of software security patches and updates <3 3 

5 | Number of days since last internal security audit <90 94 

6 | Number of days since last external security audit <366 384 

7 | Percentage of employees and contractors who passed security exam >95% 87% 

8 | Score on last disaster-recovery test >90% 93% 


Red - Immediate action required 
Yellow - Caution, should be monitored 
Green - OK, goal has been met 


FIGURE 2.6 


An organizational security dashboard 


Algoma Central Corporation, a leading Canadian shipping company, owns 
and operates the largest Canadian flag fleet of dry-bulk carriers and product 
tankers operating on the Great Lakes-St. Lawrence Seaway system. The firm 
recently implemented a security dashboard from Avaap, Inc., to improve access 
to security information and alleviate the complexity of managing security data 
for its shipping operations.** 


Implementing CIA at the Network Level 


The Internet provides a wide-open and well-travelled pathway for anyone in 
the world to reach your organization’s network. As a result, organizations are 
continuing to move more of their business processes to the Internet to bet- 
ter serve customers, suppliers, employees, investors, and business partners. 
However, unauthorized network access by a hacker or resentful employee 
can result in compromised sensitive data and severely degrade services, with 
a resulting negative impact on productivity and operational capability. This 
in turn can create a severe strain on relationships with customers, suppliers, 
employees, investors, and business partners, who may question the capability 
of the organization to protect its confidential information and offer reliable 
services. Organizations must carefully manage the security of their networks 
and implement strong measures to ensure that sensitive data is not accessible 
to anyone who is not authorized to see it. 


Authentication Methods 


To maintain a secure network, an organization must authenticate users attempt- 
ing to access the network by requiring them to enter a something they know (e.g., 
username and password); something they possess (e.g., a smart card); or pass 
a biometric check. Many organizations are moving to two-factor authorization 
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biometric authentication: The 
process of verifying your identity using 
your physiological measurements 
(fingerprint, shape of your face, shape 
of your hand, vein pattern, your iris, or 
retina) or behavioral measurements 
(voice recognition, gait, gesture, or 
other unique behaviors). 


firewall: A system of software, 
hardware, or a combination of both 
that stands guard between an 
organization's internal network and the 
Internet, and limits network access 
based on the organization’s access 
policy. 


next-generation firewall 
(NGFW): A hardware- or software- 
based network security system that 
can detect and block sophisticated 
attacks by filtering network traffic 
dependent on the packet contents. 


that requires the user to provide two types of credentials before being able to 
access the network; the two credentials can be any of the following: 


e Something you know, such as a personal identification number (PIN) or 
password 

e Something you have, such as some form of security card or token 

e Something you are, such as a biometric (e.g., a fingerprint or retina scan) 


Two-factor authentication is required to withdraw money from a cash 
machine. You must present your bank card (something that you have) and a 
PIN (something that you know) to obtain cash from the machine. 

Biometric authentication is the process of verifying your identity by using 
your physiological measurements (fingerprint, shape of your face, shape of 
your hand, vein pattern, your iris, or retina) or behavioral measurements (voice 
recognition, gait, gesture, or other unique behaviors). To do this, a reference 
model of the unique characteristics must be stored in digital form in a data- 
base or smart card. This stored data is then compared to your biometric data 
to authenticate you are indeed who you claim to be. Upon authentication, 
you may then be granted access to a room or building, computer service, app, 
computing or communications device. 


Firewall 

Installation of a corporate firewall is the most common security precaution 
taken by businesses. A firewall is a system of software, hardware, or a combi- 
nation of both that stands guard between an organization’s internal network and 
the Internet, and limits network access based on the organization’s access policy. 

Any Internet traffic that is not explicitly permitted into the internal network 
is denied entry through a firewall. Similarly, most firewalls can be configured 
so that internal network users can be blocked from gaining access to Web sites 
deemed inappropriate for employees. These Web sites might include those 
whose content is based on sex and violence. Most firewalls can also be con- 
figured to block instant messaging, access to newsgroups, and other Internet 
activities. 

Software vendors Agnitum, Check Point, Comodo, Kaspersky, and Total 
Defense provide some of the top-rated firewall software used to protect per- 
sonal computers. Their software provides antivirus, firewall, antispam, parental 
control, and phishing protection capabilities and sell for $30-$80 per single 
user license. 

A next-generation firewall (NGFW) is a hardware- or software-based 
network security system that can detect and block sophisticated attacks by 
filtering network traffic dependent on the packet contents. Compared to first- 
and second-generation firewalls, a NGFW goes deeper to inspect the content of 
packets and matches sequences of bytes for harmful activities, such as known 
vulnerabilities, exploit attacks, viruses, and malware. 


Routers 


A router is a networking device that connects multiple networks together and 
forwards data packets from one network to another. Often, an Internet service 
provider (ISP) installs a router in a subscriber’s home to connect the ISP’s 
network to the network within the home. 

Routers enable you to create a secure network by assigning it a passphrase 
so that only individuals who have the passphrase can connect to your network. 
However, a skilled and committed attacker can break the passphrase to gain 
access to your network. Thus, as an additional layer of security, the router 
provides you the capability to specify the unique media access control (MAC) 
address of each legitimate device connected to the network and restrict access 
to any other device that attempts to connect to the network. This effectively 
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encryption: The process of 
scrambling messages or data in such 
a way that only authorized parties can 
read it. 


encryption key: A value that is 
applied (using an algorithm) to a set of 
unencrypted text (plaintext) to produce 
encrypted text that appears as a 
series of seemingly random characters 
(ciphertext) that is unreadable by those 
without the encryption key needed to 
decipher it. 


transport layer security 

(TLS): A communications protocol or 
system of rules that ensures privacy 
between communicating applications 
and their users on the Internet. 
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enables the router to distinguish legitimate traffic from unsolicited traffic and 
reject uninvited inbound connections. Most routers also have an option to 
restrict access to specific Web sites thus blocking access to Web sites that are 
known to infect user devices with malware. 


Encryption 

Encryption is the process of scrambling messages or data in such a way 
that only authorized parties can read it. Encryption is used to protect billions 
of online transactions each day, enabling consumers to order more than 
$300 billion in merchandise online each year and enabling banks to route 
some $40 trillion in financial transactions each year.’ With encryption, organi- 
zations share sensitive sales data, promotion plans, new product designs, and 
project status data among employees, suppliers, contractors, and others with 
a need to know. Encryption enables physicians and patients to share sensitive 
healthcare data with labs, hospitals, and other health treatment facilities as well 
as insurance carriers. To complete such transactions, sensitive data—including 
names, physical addresses, email addresses, phone numbers, account numbers, 
health data, financial data, passwords, and personal identification numbers 
(PINs)—must be sent and received. Great harm could be done, and chaos could 
ensue if this data were to fall into the wrong hands. Encryption is one means 
of keeping this data secure. 

An encryption key is a value that is applied (using an algorithm) to a set 
of unencrypted text (plaintext) to produce encrypted text that appears as a 
series of seemingly random characters (ciphertext) that is unreadable by those 
without the encryption key needed to decipher it. There are two types of 
encryption algorithms: symmetric and asymmetric. Symmetric algorithms use 
the same key for both encryption and decryption. Asymmetric algorithms use 
one key for encryption and a different key for decryption. Advanced Encryption 
Standard (AES) is the most widely used symmetric algorithm and is entrusted 
to protect classified U.S. government information. Wireless Protected Access 2 
(WPA2), which is the most commonly used security protocol for wireless 
networks today, employs the AES encryption algorithm. 

The ability to keep encrypted data secret is not determined by the encryp- 
tion algorithm, which is widely known, but rather on the encryption key. The 
encryption key is chosen from one of a large number of possible encryption 
keys. In general, the longer the key, the stronger the encryption. Thus, an 
encryption protocol based on a 56-bit key is not as strong as one based on a 
128-bit key. Of course, it is essential that the key be kept secret from possible 
interceptors. A hacker who obtains the key can recover the original message 
from the encrypted data. Encryption methods rely on the limitations of comput- 
ing power for their security. If breaking a code requires too much computing 
power, even the most determined hacker cannot be successful. 

Many online shoppers fear the theft of their credit card numbers and 
banking information. To help prevent this type of theft, the Transport Layer 
Security communications protocol is used to secure sensitive data. Transport 
Layer Security (TLS) is a communications protocol or system of rules that 
ensures privacy between communicating applications and their users on the 
Internet. TLS enables a client (such as a Web browser) to initiate a temporary, 
private conversation with a server (such as an online shopping site or bank). 
Before the client and server start communicating, they perform an automated 
process called a “handshake” during which they exchange information about 
who they are and which secret codes and algorithms they will use to encode 
their messages to each other. Then, for the duration of the conversation, all 
the data that passes between the client and server is encrypted so that even 
if somebody does listen in, they won’t be able to determine what is being 
communicated. 
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End users 


FIGURE 2.7 


Proxy Server 


Proxy Servers and Virtual Private Networks 


A proxy server serves as an intermediary between a Web browser and another 
server on the Internet that makes requests to Web sites, servers, and services 
on the Internet for you (see Figure 2.7). When you enter the URL for a Web site, 
the request is forwarded to the proxy server, which relays the request to the 
server where the Web site is hosted. The homepage of the Web site is returned 
to the proxy server, which then passes it on to you. Thus, the Web site sees the 
proxy server as the actual visitor and not you. 


Lineicons freebird/ 
Shutterstock.com 


The Internet 


Proxy server 


By forcing employees to access the Internet through a proxy server, com- 
panies can prevent employees from accessing certain Web sites. A proxy server 
can also capture detailed records of all the Web sites each employee has visited, 
when, and for how long. When you access a Web site directly, the server host- 
ing the Web site can see your IP address and store cookies on your computer, 
but a proxy server can hide your IP address and block cookies from being 
sent to your device. A proxy server relays those packets for you and strips the 
originating address so instead of your IP address, the Web site only sees the 
address of the proxy server. 

Remote users working at home, from a client’s office, or in a branch office 
often have a need to access sensitive data on a company’s private servers; 
however, doing so from an unsecured public network, such as a coffee shop 
wireless hotspot, could expose that data to unauthorized users with ill inten- 
tions. A virtual private network (VPN) enables remote users to securely access 
an organization’s collection of computing and storage devices and share data 
remotely. To connect to a VPN, you launch a VPN client on your computer and 
perform some form of authentication using your credentials. Your computer 
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then exchanges keys to be used for the encryption process with the VPN server. 
Once both computers have verified each other as authentic, all of your Internet 
communications are encrypted and secured from eavesdropping. 


Implementing CIA at the Application Level 


Authentication methods, user roles and accounts, and data encryption are key 
elements of the application security layer. These elements must be in place to 
ensure that only authorized users have access to the organization’s applications 
and data and that their access is limited to actions that are consistent with their 
defined roles and responsibilities. 


Authentication Methods 


Users are required to be authenticated before they can access an application— 
ideally, two factor authentication is required. Most organizations require that 
their applications authenticate users by requiring them to enter something they 
know (e.g., username and password); something they possess (e.g., a smart 
card); or pass a biometric check. 


User Roles and Accounts 


Another important safeguard at the application level is the creation of roles and 
user accounts so that once users are authenticated, they have the authority to 
perform their responsibilities and nothing more. For example, members of the 
finance department should have different authorizations from members of the 
human resources department. An accountant should not be able to review 
the pay and attendance records of an employee, and a member of the human 
resources department should not know how much was spent to modernize 
a piece of equipment. Even within one department, not all members should 
be given the same capabilities. Within the finance department, for example, 
some users may be able to approve invoices for payment, but others may only 
be able to enter them. No one user should be able to enter an invoice and 
approve an invoice for payment. This concept is called proper separation-of- 
duties. An effective system administrator will identify the similarities among 
users and create profiles associated with these groups. 


Data Encryption 


Major enterprise systems such as enterprise resource planning (ERP), customer 
relationship management (CRM), and product lifecycle management (PLM) 
access sensitive data residing on data storage devices located in data centers, 
in the cloud, or at third-party locations. Data encryption should be used 
within such applications to ensure that this sensitive data is protected from 
unauthorized access. 


Implementing CIA at the End-User Level 


Security education, authentication methods, antivirus software, and data 
encryption must all be in place to protect what is often the weakest link in the 
organization’s security perimeter—the individual user. The importance of these 
end-user level security measures cannot be overly emphasized. 


Security Education 


Creating and enhancing user awareness of security policies is an ongoing 
security priority for companies. Employees and contract workers must be 
educated about the importance of security so that they will be motivated to 
understand and follow security policies. This can often be accomplished by 
discussing recent security incidents that affected the organization. Users must 
understand that they are a key part of the security system and that they have 
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certain responsibilities. For example, users must help protect an organization’s 
information systems and data by doing the following: 


e Guarding their passwords to protect against unauthorized access to their 


accounts 


e Prohibiting others from using their passwords 
e Applying strict access controls (file and directory permissions) to protect 


data from disclosure or destruction 


e Reporting all unusual activity to the organization’s IT security group 
e Taking care to ensure that portable computing and data storage 
devices are protected (hundreds of thousands of laptops are lost or 


stolen per year) 


Table 2.6 provides a simple self-assessment security test that employees 
and contractors alike should be asked to complete. In each case, the preferred 


answer is Yes. 


TABLE 2.6 Self-assessment security test 


Security assessment question 
Do you have the most current version of your computer’s operating system installed? 


Do you have the most current version of firewall, antivirus, and malware software 
installed? 


Do you install updates to all your software when you receive notice that a new update 
is available? 


Do you use different, strong passwords for each of your accounts and applications—a 
minimum of 12 characters, with a mix of capital and lowercase letters, numbers, and 
special characters? 


Are you familiar with and do you follow your organization’s policies for accessing cor- 
porate Web sites and applications from your home or remote locations (e.g., access via 
a VPN)? 


Have you set the encryption method to WPA2 and changed the default name and 
password on your home wireless router? 


When using a free, public wireless network, do you avoid checking your email or 
accessing Web sites requiring a username and password? 


Do you refrain from clicking on a URL in an email from someone you do not know? 
Do you back up critical files to a separate device at least once a week? 


Are you familiar with and do you follow your organization’s policies regarding the 
storage of personal or confidential data on your device? 


Does your device have a security passcode that must be entered before it accepts 
further input? 


Have you installed Locate My Device or similar software in case your device is lost or 
stolen? 


Do you make sure not to leave your device unattended in a public place where it can 
be easily stolen? 


Have you reviewed, and do you understand the privacy settings that control who can 
see or read what you do on Facebook and other social media sites? 


Authentication Methods 


End users should be required to be authenticated before their computing/ 
communications device accepts further input. Again, several multifactor 
authentication schemes can be used. Many mobile devices are using the user’s 


fingerprint as a means of authentication. 
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antivirus software: Should be 
installed on each user’s personal 
computer to scan a computer’s 
memory and disk drives regularly for 
viruses. 


virus signature: Code that 
indicates the presence of a specific 
virus. 


intrusion detection system 
(IDS): Software and/or hardware 
that monitors system and network 
resources and activities and notifies 
network security personnel when it 
detects network traffic that attempts to 
circumvent the security measures of a 
networked computer environment. 
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Antivirus Software 


Antivirus software should be installed on each user’s personal computer to 
scan a computer’s memory and disk drives regularly for viruses. Antivirus soft- 
ware scans for a specific sequence of bytes, known as a virus signature, that 
indicates the presence of a specific virus. If it finds a virus, the antivirus soft- 
ware informs the user, and it may clean, delete, or quarantine any files, direc- 
tories, or disks affected by the malicious code. Good antivirus software checks 
vital system files when the system is booted up, monitors the system continu- 
ously for virus-like activity, scans disks, scans memory when a program is run, 
checks programs when they are downloaded, and scans email attachments 
before they are opened. Two of the most widely used antivirus software prod- 
ucts are Norton AntiVirus from Symantec and Personal Firewall from McAfee. 

According to US-CERT, most virus and worm attacks use already known 
malware programs. Thus, it is crucial that antivirus software be continually 
updated with the latest virus signatures. In most corporations, the network 
administrator is responsible for monitoring network security Web sites frequently 
and downloading updated antivirus software as needed. Many antivirus vendors 
recommend—and provide for—automatic and frequent updates. Unfortunately, 
antivirus software is not able to identify and block all viruses. 


Data Encryption 

While you should already have a login password for your mobile computing 
device or workstation, those measures won’t protect your data if someone steals 
your device—the thief can simply remove your storage device or hard drive and 
plug it into another computing device and access the data. If you have sensitive 
information on your computer, you need to employ full-disk encryption, which 
protects all your data even if your hardware falls into the wrong hands. 


Implementing Safeguards Against Attacks by Malicious Insiders 
User accounts that remain active after employees leave a company are another 
potential security risk. To reduce the threat of attack by malicious insiders, IS 
staff must promptly delete the computer accounts, login IDs, and passwords 
of departing employees and contractors. 

Organizations also need to define employee roles carefully and separate 
key responsibilities properly, so that a single person is not responsible for 
accomplishing a task that has high security implications. For example, it would 
not make sense to allow an employee to initiate as well as approve purchase 
orders. That would allow an employee to input large invoices on behalf of a 
dishonest vendor, approve the invoices for payment, and then disappear from 
the company to split the money with that vendor. In addition to separating 
duties, many organizations frequently rotate people in sensitive positions to 
prevent potential insider crimes. 

Another important safeguard is to create roles and user accounts so that 
users have the authority to perform their responsibilities and nothing more. 
An effective system administrator will identify the similarities among users and 
create roles and user accounts associated with these groups. 


Detection of a Cyberattack 


Even when preventive measures are implemented, no organization is com- 
pletely secure from a determined attack. Thus, organizations should implement 
detection systems to catch intruders in the act. Organizations often employ an 
intrusion detection system to minimize the impact of intruders. 

An intrusion detection system (IDS) is software and/or hardware that 
monitors system and network resources and activities and notifies network 
security personnel when it detects network traffic that attempts to circumvent 
the security measures of a networked computer environment (see Figure 2.8). 
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Messages from IDS routed 
to network security team 


IDS warns firewall of suspicious traffic. Network 
security team and logic in firewall decide what action 
to take, such as block all traffic from the source IP 
address of the suspicious traffic. 


-Eg 
Organization’s intrusion 
detection system 


Organization’s network 
router sends network traffic Qrganization’s 
to both IDS and firewall firewall 


Organization’s internal network 


Intrusion detection system 
An IDS notifies network security personnel when it detects network traffic that attempts to circumvent 
the security measures of a networked computer environment. 


Such activities usually signal an attempt to breach the integrity of the system 
or to limit the availability of network resources. 

Knowledge-based approaches and behavior-based approaches are two 
fundamentally different approaches to intrusion detection. Knowledge-based 
intrusion detection systems contain information about specific attacks and 
system vulnerabilities and watch for attempts to exploit these vulnerabilities, 
such as repeated failed login attempts or recurring attempts to download a 
program to a server. When such an attempt is detected, an alarm is triggered. 
A behavior-based intrusion detection system understands normal behavior of 
a system and its users because it collects reference information by various 
means. The intrusion detection system compares current activity to this model 
and generates an alarm if it finds a deviation. Examples include unusual traffic 
at odd hours or a user in the human resources department who accesses an 
accounting program that she has never before used. 


An organization should be prepared for the worst—a successful attack that 
defeats all or some of a system’s defenses and damages data and information 
systems. A response plan should be developed well in advance of any inci- 
dent and be approved by both the organization’s legal department and senior 
management. A well-developed response plan helps keep an incident under 
technical and emotional control. 

In a security incident, the primary goal must be to regain control and limit 
damage, not to attempt to monitor or catch an intruder. Sometimes system 
administrators take the discovery of an intruder as a personal challenge and 
lose valuable time that should be used to restore data and information systems 
to normal. 


Incident Notification 

A key element of any response plan is to define who to notify and who not 
to notify in the event of a computer security incident. Questions to cover 
include the following: Within the company, who needs to be notified, and what 
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information does each person need to have? Under what conditions should 
the company contact major customers and suppliers? How does the company 
inform them of a disruption in business without unnecessarily alarming them? 
When should local authorities or the FBI be contacted? 

Most security experts recommend against giving out specific information 
about a compromise in public forums, such as news reports, conferences, 
professional meetings, and online discussion groups. All parties working on 
the problem must be kept informed and up-to-date without using systems 
connected to the compromised system. The intruder may be monitoring these 
systems and emails to learn what is known about the security breach. 

A critical ethical decision that must be made is what to tell customers 
and others whose personal data may have been compromised by a computer 
incident. Many organizations are tempted to conceal such information for fear 
of bad publicity and loss of customers. Because such inaction is perceived by 
many to be unethical and harmful, several state and federal laws have been 
passed to force organizations to reveal when customer data has been breached. 


Protection of Evidence and Activity Logs 

An organization should document all details of a security incident as it works 
to resolve the incident. Documentation captures valuable evidence for a future 
prosecution and provides data to help during the incident eradication and 
follow-up phases. It is especially important to capture all system events, the 
specific actions taken (what, when, and who), and all external conversations 
(what, when, and who) in a logbook. Because this may become court evidence, 
an organization should establish a set of document-handling procedures using 
the legal department as a resource. 


Incident Containment 


Often, it is necessary to act quickly to contain an attack and to keep a bad sit- 
uation from becoming even worse. The incident response plan should clearly 
define the process for deciding if an attack is dangerous enough to warrant 
shutting down or disconnecting critical systems from the network. How such 
decisions are made, how fast they are made, and who makes them are all 
elements of an effective response plan. 


Eradication 


Before the IT security group begins the eradication effort, it must collect and 
log all possible criminal evidence from the system and then verify that all neces- 
sary backups are current, complete, and free of any malware. Creating a foren- 
sic disk image of each compromised system on write-only media both for later 
study and as evidence can be very useful. After virus eradication, a new backup 
must be created. Throughout this process, a log should be kept of all actions 
taken. This will prove helpful during the incident follow-up phase and ensure 
that the problem does not recur. It is imperative to back up critical applications 
and data regularly. Many organizations, however, have implemented inadequate 
backup processes and found that they could not fully restore original data after 
a security incident. All backups should be created with enough frequency to 
enable a full and quick restoration of data if an attack destroys the original, 
and this process must be tested to confirm that it works. 


Incident Follow-Up 


Of course, an essential part of follow-up is to determine how the organization’s 
security was compromised so that it does not happen again. Often the fix is 
as simple as getting a software patch from a product vendor. However, it is 
important to look deeper than the immediate fix to discover why the incident 
occurred. If a simple software fix could have prevented the incident, then why 
wasn’t the fix installed before the incident occurred? 
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A review should be conducted after an incident to determine exactly 
what happened and to evaluate how the organization responded. One 
approach is to write a formal incident report that includes a detailed chronol- 
ogy of events and the impact of the incident. This report should identify 
any mistakes so that they are not repeated in the future. The experience 
from this incident should be used to update and revise the security incident 
response plan. The key elements of a formal incident report should include 
the following: 


e IP address and name of host computer(s) involved 

e The date and time when the incident was discovered 

e The length of the incident 

e How the incident was discovered 

e The method used to gain access to the host computer 

e A detailed discussion of vulnerabilities that were exploited 

e A determination of whether or not the host was compromised as a result 
of the attack 

e The nature of the data stored on the computer (customer, employee, 
financial, etc.) 

e A determination of whether the accessed data is considered personal, 
private, or confidential 

e The number of hours the system was down 

e The overall impact on the business 

e An estimate of total monetary damage from the incident 

e A detailed chronology of all events associated with the incident 


Creating a detailed chronology of all events will also document the incident 
for possible later prosecution. To this end, it is critical to develop an estimate of 
the monetary damage. Potential costs include loss of revenue, loss in produc- 
tivity, and the salaries of people working to address the incident, along with 
the cost to replace data, software, and hardware. 

Another important issue is the amount of effort that should be put into 
capturing the perpetrator. If a Web site was simply defaced, it is easy to fix or 
restore the site’s HTML (Hypertext Markup Language—the code that describes 
to your browser how a Web page should look). However, what if the intruders 
inflicted more serious damage, such as erasing proprietary program source 
code or the contents of key corporate databases? What if they stole company 
trade secrets? Expert crackers can conceal their identity and tracking them 
down can take a long time as well as a tremendous amount of corporate 
resources. 

The potential for negative publicity must also be considered. Discussing 
security attacks through public trials and the associated publicity has not only 
enormous potential costs in public relations but real monetary costs as well. 
For example, a bank or a brokerage firm might lose customers who learn of 
an attack and think their money or records aren’t secure. Even if a company 
decides that the negative publicity risk is worth it and goes after the perpetra- 
tor, documents containing proprietary information that must be provided to 
the court could cause even greater security threats in the future. On the other 
hand, an organization must consider whether it has an ethical or a legal duty to 
inform customers or clients of a cyberattack that may have put their personal 
data or financial resources at risk. 


Using a Managed Security Service Provider (MSSP) 

Keeping up with computer criminals—and with new laws and regulations— 
can be daunting for organizations. Criminal hackers are constantly poking 
and prodding, trying to breach the security defenses of organizations. Also, 
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managed security service 
provider (MSSP): A company that 
monitors, manages, and maintains 
computer and network security for 
other organizations. 


computer forensics: A discipline 
that combines elements of law and 
computer science to identify, collect, 
examine, and preserve data from 
computer systems, networks, and 
storage devices in a manner that 
preserves the integrity of the data 
gathered so that it is admissible as 
evidence in a court of law. 
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laws such as HIPAA, Sarbanes-Oxley, and the USA Patriot Act require busi- 
nesses to prove that they are securing their data. For most small and midsized 
organizations, the level of in-house network security expertise needed to 
protect their business operations can be too costly to acquire and maintain. 
As a result, many organizations outsource their network security operations 
to a managed security service provider (MSSP), which is a company that 
monitors, manages, and maintains computer and network security for other 
organizations. MSSPs include such companies as AT&T, Computer Sciences 
Corporation, Dell SecureWorks, IBM, Symantec, and Verizon. MSSPs pro- 
vide a valuable service for IS departments drowning in reams of alerts and 
false alarms coming from virtual private networks (VPNs); antivirus, firewall, 
and intrusion detection systems; and other security-monitoring systems. In 
addition, some MSSPs provide vulnerability scanning and Web blocking and 
filtering capabilities. 


Computer Forensics 


Computer forensics is a discipline that combines elements of law and com- 
puter science to identify, collect, examine, and preserve data from computer 
systems, networks, and storage devices in a manner that preserves the integ- 
rity of the data gathered so that it is admissible as evidence in a court of law. 
A computer forensics investigation may be opened in response to a criminal 
investigation or civil litigation. It may also be launched for a variety of other 
reasons, for example, to retrace steps taken when data has been lost, assess 
damage following a computer incident, investigate the unauthorized disclosure 
of personal or corporate confidential data, or to confirm or evaluate the impact 
of industrial espionage. 

Computer forensics investigators work as a team to investigate an inci- 
dent and conduct the forensic analysis using various methodologies and 
tools to ensure the computer network system is secure in an organization. 
For example, accounting, tax, and advisory company Grant Thornton Inter- 
national has several IS labs around the world that employ numerous forensic 
experts who examine digital evidence for use in legal cases. Grant Thornton 
employs forensic software called Summation (a Web-based legal document, 
electronic data, and transcript review platform that supports litigation teams) 
and Forensic Toolkit (used to scan a hard drive to find a variety of infor- 
mation, including deleted emails and text strings, to crack encryption). 
The software from AccessData provides a combination of mobile forensics, 
computer forensics, and functions for encoding and reviewing multilingual 
documents.*# 

Proper handling of a computer forensics investigation is the key to 
fighting computer crime successfully in a court of law. In addition, exten- 
sive training and certification increases the stature of a computer forensics 
investigator in a court of law. Numerous certifications relate to computer 
forensics, including the CCE (Certified Computer Examiner), CISSP (Certified 
Information Systems Security Professional), CSFA (CyberSecurity Forensic 
Analyst), and GCFA (Global Information Assurance Certification Certified 
Forensics Analyst). The EnCE Certified Examiner program certifies profes- 
sionals who have mastered computer investigation methods as well as the 
use of Guidance Software’s EnCase computer forensic software. Numerous 
universities (both online and traditional) offer degrees specializing in com- 
puter forensics. Such degree programs should include training in account- 
ing, particularly auditing, as this is very useful in the investigation of cases 
involving fraud. 

Table 2.7 provides a list of questions that should be asked when an orga- 
nization is evaluating its readiness for a security incident. 
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TABLE 2.7 Questions to be considered when evaluating an organization’s readiness 
for a security incident 


Question Yes No 


Has a risk assessment been performed to identify investments in time and resources that 
can protect the organization from its most likely and most serious threats? 


Have senior management and employees involved in implementing security measures been 
educated about the concept of reasonable assurance? 


Has a security policy been formulated and broadly shared throughout the organization? 
Have automated systems policies been implemented that mirror written policies? 


Does the security policy address the following: 

© Email with executable file attachments? 

® Wireless networks and devices? 

e Use of smartphones deployed as part of corporate rollouts as well as those purchased 
by end users? 


Is there an effective security education program for employees and contract workers? 
Has a layered security solution been implemented to prevent break-ins? 

Has a firewall been installed? 

Is antivirus software installed on all personal computers? 

Is the antivirus software frequently updated? 

Have precautions been taken to limit the impact of malicious insiders? 

Are the accounts, passwords, and login IDs of former employees promptly deleted? 
Are employee responsibilities adequately defined and separated? 


Are individual roles defined so that users have authority to perform their responsibilities 
and nothing more? 


Is it a requirement to review at least quarterly the most critical Internet security threats and 
implement safeguards against them? 


Has it been verified that backup processes for critical software and databases work correctly? 


Has an intrusion detection system been implemented to catch intruders in the act—both in 
the network and on critical computers on the network? 


Are periodic IT security audits conducted? 
Has a comprehensive incident response plan been developed? 
Has the security plan been reviewed and approved by legal and senior management? 


Does the plan address all of the following areas: 
© Incident notification? 

Protection of evidence and activity logs? 
Incident containment? 

Eradication? 

Incident follow-up? 


Critical Security Self-Assessment 


Thinking 3 SOCIAL RESPONSIBILITY, DATA PROTECTION 
Exercise 


Use Table 2.6 to conduct a security self-assessment and answer the following 
questions. 


Review Questions 


1. What test did you fail? 
2. Which of the failed situations is most critical to address? 
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Critical Thinking Questions 


1. What specific actions will you take to improve your self-assessment? 

2. Should individuals with insecure systems be allowed to access public networks? 
Should they be fined or penalized in some way if their lax security measures 
are found to have enabled a cyberattack? 


Principle: 


Computer crime is a serious and rapidly growing area of concern requiring 
management attention. 

Increasing computing complexity, an increase in the prevalence of bring 
your own device (BYOD) policies, use of software with known vulnerabilities, 
and the increasing sophistication of those who would do harm have caused 
a dramatic increase in the number, variety, and severity of security incidents. 

Many different types of people are responsible for cyberattacks with the 
four most predominant being the careless insider, the cybercriminal, malicious 
insider, and hacktivists. 

An attack vector is the technique used to gain unauthorized access to a 
device or a network; it is a means used to initiate a cyberattack. Advanced 
persistent threats, blended threats, phishing, rootkits, smishing, social engi- 
neering, spam, Trojan horses, viruses, vishing, and worms are all examples of 
attack vectors. 

Ransomware, distributed denial of service attacks, data breach, cyberespi- 
onage, and cyberterrorism are cyberattacks that pose serious threats. 

The Department of Homeland Security (DHS) has the responsibility to 
provide for a “safer, more secure America, which is resilient against terrorism 
and other potential threats.” The agency’s Office of Cybersecurity and Commu- 
nications is responsible for enhancing the security, resilience, and reliability of 
U.S. cyber and communications infrastructure. 

The U.S. Computer Emergency Readiness Team (US-CERT) is a partner- 
ship between DHS and the public and private sectors that was established to 
protect the nation’s Internet infrastructure against cyberattacks by serving as 
a clearinghouse for information on new viruses, worms, and other computer 
security topics. 

There are five broad areas of impact caused by a serious cyberattack: 
(1) the direct impact on the assets of the organization plus the likely decline 
in stock price, (2) the impact caused by business disruption and the inability 
to operate in an effective manner, (3) the recovery cost to repair affected sys- 
tems and recover lost data, (4) the legal consequences of monetary penalties 
for failure to comply with data protection laws and lawsuits, and (5) reputation 
damage which causes loss of customers and future business. 

Five federal laws that address computer crime are the Computer Crime and 
Abuse Act, the Fraud and Related Activity in Connection with Access Devices 
Statute, the Identity Theft and Assumption Deterrence Act, the Stored Wire and 
Electronic Communication and Transactional Records Access Act, and the USA 
Patriot Act. 


Principle: 


Organizations must take strong measures to ensure secure, private, and 
reliable computing experiences for their employees, customers, and 
business partners. 
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The security practices of organizations worldwide are focused on ensuring 
confidentiality, maintaining integrity, and guaranteeing the availability of 
systems and data. This is known as the CIA security triad. 

No organization can ever be completely secure from attack; however, a 
layered security solution makes cyberattacks so difficult that an attacker even- 
tually gives up or is detected before much harm is inflicted. Security measures 
must be planned for, designed, implemented, tested, and maintained at the 
organization, network, application, and end-user layers to achieve true security. 

Security measures at the organizational level must include implementing a 
security strategy, conducting a risk assessment, developing a disaster recovery 
plan in conjunction with a business continuity plan, defining and enforcing 
security policies, performing security audits, complying with regulatory 
standards, and monitoring all key security performance measures. 

Security measures at the network level include authenticating users, install- 
ing firewalls, the judicious use of routers, encryption of messages and data, and 
the use of proxy servers and virtual private networks. 

Security measures at the application level include authenticating users, 
careful definition of user roles and accounts, and data encryption. 

Security measures at the end-user level include security education, end user 
authentication, antivirus software, and data encryption. 

The concept of reasonable assurance in connection with IS security recog- 
nizes that managers must use their judgment to ensure that the cost of control 
does not exceed the system’s benefits or the risks involved. 

Eight steps that must be taken to perform a thorough security risk assess- 
ment include: (1) identify the set of IT assets that are most critical, (2) identify 
the loss events that could occur, (3) assess the frequency of events or likelihood 
of each potential threat, (4) determine the impact of each threat, (5) determine 
how to mitigate each threat, (6) assess the feasibility of implementing the mit- 
igation options, (7) perform a cost-benefit analysis, and (8) make the decision 
on whether or not to implement a particular countermeasure. 

No security system is perfect, so systems and procedures must be mon- 
itored to detect a possible intrusion. If an intrusion occurs, there must be a 
clear reaction plan that addresses notification, evidence protection, activity log 
maintenance, containment, eradication, and follow-up. 

Many organizations outsource their network security operations to a man- 
aged security service provider (MSSP), which is a company that monitors, man- 
ages, and maintains computer and network security for other organizations. 

Organizations must be knowledgeable of and have access to trained 
experts in computer forensics to identify, collect, examine, and preserve data 
from computer systems, networks, and storage devices in a manner that pre- 
serves the integrity of the data gathered so that it is admissible as evidence in 
a court of law. 


antivirus software 

attack vector 

biometric authentication 
botnet 

bring your own device (BYOD) 
business continuity plan 

CIA security triad 

computer forensics 


cyberespionage 


cyberterrorism 

data breach 

Department of Homeland Security (DHS) 
disaster recovery plan 

distributed denial-of-service (DDoS) attack 
encryption 

encryption key 

exploit 

failover 
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firewall risk assessment 
intrusion detection system (IDS) security audit 
managed security service provider (MSSP) security policy 
mission-critical processes Transport Layer Security (TLS) 
next-generation firewall (NGFW) U.S. Computer Emergency Readiness Team (US-CERT) 
ransomware virus signature 
reasonable assurance zero-day attack 
Self-Assessment Test 
Computer crime is a serious and rapidly growing c. Identity Theft and Assumption Deterrence Act 
area of concern requiring management attention. d. Stored Wire and Electronic Communications 
WM eey ee aver eae or Things is help- and Transactional Records Access Statute 
ing to curb the number of cyberattacks. True or Organizations must take strong measures to ensure 
False? secure, private, and reliable computing experi- 
2. The perpetrator most likely to be the cause of a ences for their employees, customers, and business 
cyberattack is the : partners. 


a. cybercriminal 

b. malicious insider 
c. hacktivist 

d. careless insider 


8. The four levels at which the CIA security triad 

must be implemented include 

a. interorganizational, enterprise, workgroup, 
and personal 


3. AG) is the technique used b. tier 1, tier 2, tier 3, and tier 4 
to gain unauthorized access to a device or a c. organizational, network, application, 
network. and end user 

4. A blended threat, phishing, and virus are all d. organization, business unit, department, 
examples of a(n) individual 

5. A form of cyberattack that is estimated to occur 9. Each user should conduct a security 
every 10 seconds against an individual in the Pelmaseccomenttcat. Tue or False? 
US. is - - . ; 10. There are steps that must 
a. distributed denial-of-service attack be taken to perform a thorough security risk 
b. ransomware assessment. 
c. data breach a. three 
d. social engineering b. five 

6. One of the consequences of a successful cyber- ESNE 
attack that can lead to monetary penalties for d. eight 
organizations that failito comply with data 11. Five actions an organization must take in the 


protection regulations is 
a. business disruption 
b. expulsion from industry sponsored 
organizations 
c. recovery cost 12. 
d. legal consequences 
7. A federal law that focuses on unlawful access to 
stored communications to obtain, alter, or pre- 
vent authorized access to a wire or electronic 13. 
communication while it is in electronic storage. 
a. Computer Fraud and Abuse Act 
b. Fraud and Related Activity in Connection with 
Access Devices Statute 


event of a successful cyberattack include inci- 
dent notification, protection of evidence and 
activity logs, incident containment, eradication, 
and incident ‘ 

An organization that monitors, manages, and 
maintains computer and network security for 
other organizations is called a 
service provider. 

Computer forensics is a discipline that combines 
elements of and computer 
science. 
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Self-Assessment Test Answers 


NAW RAYNE 


False 

d 

attack vector 
attack vector 
b 

d 

d 


8. 
or 
10. 
11. 
12 
13. 


c 
True 

d 

follow-up 
managed security 
law 


Review and Discussion Questions 


1. 


W g 


Provide four reasons why computer incidents 
are so prevalent. Which of these do you think is 
the most significant? Why? 

List the four perpetrators most likely to initiate a 
cyberattack. 

What is the meaning of attack vector? 

Identify three commonly used attack vectors. 
List five cyberattacks that pose serious threats to 
an organization. 

List all the likely consequences of a major data 
breach. Which of these are likely to be the most 
serious and long lasting? 

Identify five federal laws aimed at preventing 
computer crime. 

Discuss how the CIS security triad can be imple- 
mented at the organizational level to safeguard 
against cyberattacks. 


Use Table 2.6 to conduct a security self-assessment. 


Identify specific follow-up actions you need to 
take. 


10. 


13: 
14. 


You are going to perform a security risk assess- 
ment for your small company. What steps must 
be taken? 

Deciding if a cyberattack is serious enough 
to warrant shutting down or disconnect- 

ing a critical system from the network is an 
action associated with which action of the 
response plan? 


. What actions can a managed security service 


provider take to improve the security of an 
organization? 

Define the term computer forensics. 

Hundreds of a bank’s customers have called the 
customer service call center to complain that 
they are receiving text messages on their phone 
telling them to log on to a Web site and enter 
personal information to resolve an issue with 
their account. What are all the potential conse- 
quences of this attack? What actions should the 
bank take? 


Business-Driven Decision-Making Exercises 


1. 


It appears that someone is using your firm’s 
corporate directory—which includes job titles 
and email addresses—to contact senior manag- 
ers and directors via email. The email requests 
that the recipient click on a URL, which leads 
to a Web site that looks as if it were designed 
by your human resources organization. Once 
at this phony Web site, the employees are 
asked to confirm the bank and account number 
to be used for electronic deposit of their 
annual bonus check. You are a member of the 
IS Security unit. How should you respond to 
this threat? 


2: 


A successful distributed denial-of-service attack 
requires the downloading of software that turns 
unprotected computers into zombies under the 
control of the malicious hacker. Which perpetra- 
tors are most likely to initiate such an attack? What 
harm can a denial-of-service attack cause? Suppose 
that the federal government were proposing new 
legislation that would impose a fine on the owners 
of the zombie computers as a means of encour- 
aging people to better safeguard their computers. 
Would you support this legislation? Why or why 
not? Can you identify other approaches to reduce 
the number of denial-of-service attacks? 
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Teamwork and Collaboration Activities 


1. You and your team have been hired to improve 
the computer security of the computer labs at 
the business college of a small local university. 
Identify the four classes of perpetrators most 
likely to initiate a cyberattack against the com- 
puter lab. Identify the cyberthreats that pose the 
most serious threat. How can the CIA security 
triad be implemented to protect the lab? 


2. Have you and your team members conduct a 
security self-assessment of your computer and 
usage habits. What common issues do you 
find? How can you go about eliminating these 
issues? Do you expect that the other students 
in your class have these same issues? Why or 
why not? 


Career Exercises 


1. Do research to determine typical starting salaries 
for someone with a four-year degree in com- 
puter forensics. What is the future demand for 
individuals trained in computer forensics? Do 
further research to find three universities that 
offer four-year degrees specializing in computer 
forensics. Compare the three programs and 
choose the one you think is best. Why did you 
choose this university? 

2. You are one of the top students in your univer- 
sity’s computer science program of 100 students, 
and you have agreed to meet with a recruiter 


from the Department of Homeland Security. 
Over dinner, he talks to you about the increas- 
ing threat of cyberterrorist attacks launched on 
the United States by foreign countries and the 
need to counter those attacks. The agency has 
a strong need for people that can both develop 
and defend against zero-day exploits that could 
be used to plant malware in the software used 
by the government and military computers. At 
the end of the dinner, the recruiter turns to you 
and asks: “Would such a role be of interest to 
you?” How do you respond? 


æ GLOBAL, DATA PROTECTION 


Security Consultant Suffers Cyberattack 

Deloitte is one of the biggest professional services compa- 
nies in the world based on both revenue ($38.8 billion in 
2017) and number of professionals (over 263,000). It pro- 
vides audit, tax, management consulting, financial advisory 
services, and cybersecurity guidance to over 85 percent of 
the Fortune 500 companies and more than 6,000 private 
and middle market companies around the world. Its global 
headquarters is in New York. 

In April 2017, the company discovered that its global 
email server had been hacked starting six months earlier. 
The hackers gained access to the system through an admin- 
istrative account that granted them privileged, unrestricted 
access to all areas. Apparently, the account required just a 
single password and did not have two-step verification. 

Deloitte offers its clients advice on how to manage the 
risks posed by sophisticated cyberattacks. It also operates 
a CyberIntelligence Center to provide clients with around- 
the-clock business focused operational security. In 2012, 
Deloitte was ranked the best cybersecurity consultant in the 
world. The firm earns a portion of its $12 billion a year in 
consulting fees from these services. The breach was a deep 
embarrassment for the firm. 

The use of email is interwoven into the operational fab- 
ric of the modern organization and is used to communicate 


all sorts of sensitive information—new product plans, mar- 
keting strategies, merger and acquisition tactics, product 
designs, patent data, copyrighted material, and trade secrets. 
The server that was breached contained the emails of some 
350 clients including the U. S. State Department, Depart- 
ment of Homeland Security, Department of Defense, Energy 
Department, and the U. S. Postal Service. Also compromised 
were the emails of the United Nations, National Institute of 
Health, and housing giants Fannie Mae and Freddie Mac, 
plus some of the world’s biggest multinationals. In addition 
to emails, the hackers had potential access to usernames, 
passwords, and IP addresses. 

Initially Deloitte kept the breach secret electing to 
inform only a handful of senior partners, six clients the 
firm knew to have been directly impacted by the attack, 
and lawyers at international law firm Hogan Lovells. The 
Washington-based firm was retained to provide legal advice 
and assistance about the potential fallout from the hack. 

Deloitte formed a team consisting of security ana- 
lysts and experts from both within and outside the firm 
to conduct a formal inquiry to the breach. The goals were 
to understand how this happened, assess the scope of the 
incident, determine what the attacker targeted, evaluate the 
potential impact to clients, and determine the appropriate 
cyber-security response. After six months elapsed time, the 
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team determined that the attacker was no longer in the 
email system, ascertained that there had been no business 
disruption to any of its clients, and recommended additional 
steps to enhance Deloitte’s overall security. The team was 
unable to determine whether a lone wolf, business rivals, or 
state-sponsored hackers were responsible. 

The attack illustrates that any organization can fall prey 
to a cyberattack—even those whose specialty is to stop them. 


Critical Thinking Questions 


1. Identify what you believe to be the area of most 
severe consequences for Deloitte—direct impact, busi- 
ness disruption, recovery, legal, or reputation. Justify 
your response. 

2. How would you evaluate Deloitte’s response to this 
cyberattack? What did they do well? Where could they 
have done better? 


3. Identify the three highest priority changes that need 
to be made to the Deloitte security program. 
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Principles 


An ethical decision- 

making process and a code 
of ethics can guide you as 
you confront the many eth- 
ical dilemmas associated 
with information systems. 


The use of technology 
requires balancing the 
needs of those who use the 
information that is collected 
against the rights of those 
whose information is being 
used. 


Software developers must 
make trade-offs between 
project schedules, project 
costs, system reliability, and 
software quality. 


Learning Objectives 


Explain the difference between ethical and legal. 


Identify five reasons for an organization to promote a work environment 
where employees are encouraged to act ethically. 


Outline a five-step ethical decision-making process. 
Define the primary intent and two key elements of an effective code of ethics. 
Identify four benefits of following a professional code of ethics. 


Summarize the differences between U.S. and EU fair information practices. 


Identify three subject areas where measures have been taken to protect per- 
sonal data. 


Identify four measures you should take to protect your personal privacy. 
Discuss the tradeoffs between security and privacy. 


Discuss how three U.S. federal statutes protect citizens from government 
surveillance while at the same time authorize the government to collect data. 


Discuss how the First Amendment and anonymous expression safeguard 
our freedom of speech. 


Describe the impact of censorship on the operation of Internet service providers. 


Identify measures taken to address defamation, hate speech, and pornog- 
raphy on the Internet. 


Distinguish between a high-quality software system and safety-critical system. 


Give three reasons why developing a safety-critical system takes longer 
and is more expensive. 

Identify two ethical dilemmas that software developers face when building 
high-quality or safety-critical systems. 
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IS in Action 


Facebook and Cambridge Analytica 


Æ SOCIAL AND ETHICAL ISSUES, TECHNOLOGY IN SOCIETY 


Cambridge Analytica was a British political consulting firm whose Web site claimed it used 
data to change audience behavior—both commercially and politically. The firm paid a 
Soviet-born researcher named Aleksandr Kogan and his company Global Science Research 
$800,000 to collect basic profile data of Facebook users including what they chose to 
“Like.” This was done through an app called This Is Your Digital Life that prompted users 
to answer questions to develop a psychological profile. 

Some 300,000 Facebook users downloaded Kogan’s app. The app’s terms of service 
disclosed that it would collect data on users and their Facebook friends if their privacy set- 
tings allowed it. The data gathering occurred during 2013 at which time Facebook allowed 
third-party developers to build and offer their own applications and collect information on 
friends of those who chose to use their apps. It was not until 2014 that Facebook modified 
its rules to limit a developer’s access to user data. This ensured that a third-party was no 
longer able to access a user’s friend’s data without gaining permission first. 

In the 2016 election, Donald Trump’s team hired Cambridge Analytica who may have 
used the This Is Your Digital Life data to develop psychographic profiles of American voters 
and deliver pro-Trump material to them online based on their profile. (Psychographics is 
the study and classification of people according to their attitudes, aspirations, and other 
psychological criteria. It includes data about a person’s buying habits, hobbies, spend- 
ing habits, and values.) This is a matter of contention as some executives at Cambridge 
Analytica have denied that any of the data was used in connection to the Trump campaign. 
Another point of contention is whether Cambridge Analytica’s psychographic profiles are 
effective as some of the firm’s clients claim they saw little value in them. 

In March 2018, The Guardian and The New York Times reported that (when including 
friends of users) some 50 million Facebook profiles were harvested for Cambridge Analytica. 
This revelation and its implications ignited a firestorm that threatened to further downgrade 
the already frayed reputation of the embattled social media giant. Facebook shares dropped 
22%, from a high of $218 to $171 in the two weeks following disclosure of this event. The 
number of Facebook users affected was later revised to as many as 87 million. 

It took five days after the news broke before there was any response from Facebook. 
CEO Mark Zuckerberg posted a lengthy response on his personal Facebook page, apol- 
ogizing for the company’s failure to protect its user’s data and announcing changes to 
the platform intended to do just that. The delay in Facebook communications about the 
incident further angered Facebook users. Two weeks after the reports were published, 
Zuckerberg took out full-page ads in several British and American newspapers to apol- 
ogize for a “breach of trust.” “Pm sorry we didn’t do more at the time. We’re now taking 
steps to ensure that this doesn’t happen again,” he said in the ads. 

Facebook settled previous privacy complaints with the U.S. Federal Trade Commission 
(FTC) by agreeing to get clear consent from users before sharing their data with others. 
The FTC is now investigating whether Facebook violated the terms of that 2011 consent 
decree. If Facebook is found to have violated this agreement, it is facing potential penal- 
ties of up to $40,000 per user per day, which could in theory add up to billions of dollars. 

The Cambridge Analytica incident is yet another example that shows that average social 
media users do not know how their data is being used. Their personal data can be taken 
away for companies, organizations, and campaigns to use in a variety of ways. A combina- 
tion of improved user education, clearer privacy notices, and increased regulation is needed 
to avoid future such incidents at Facebook and other social media networks and services. 


As you read about corporate and individual responsibility, consider the 
following: 

e How can you include ethical factors in your decision-making process? 

e How can you protect sensitive personal data? 
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Why Learn about Corporate and Individual 
Accountability? 


Opportunities and threats surround a wide range of nontechnical issues associated with the use of infor- 
mation systems and the Internet. Some of the key issues involve avoiding violations of privacy; balancing 
security and privacy while collecting personal data; implementing measures to safeguard freedom of 
speech; and making tradeoffs between cost, time, and features when developing information systems. It 
is essential that you have some basis to guide you in making ethical decisions in dealing with these issues 
and acting with integrity. 

If you become a member of the human resources, information systems, or legal department within 
an organization, you will likely be challenged with leading your organization in dealing with these and 
other issues related to information systems. Also, as a user of information systems and the Internet, it is 
in your own self-interest to become well versed on these issues and to learn what measures you can take 
to protect your personal privacy. Developing a better understanding of the topics covered in this chapter 
will help you to manage in an ethical manner and avoid technology-related problems. 

Computer-based information systems provide organizations with significant benefits including 
increased profits, superior goods and services, and higher quality of work life. Computers have become 
such valuable tools that most businesspeople today have difficulty imagining how they would accomplish 
their work without them. Yet, the use of information systems has brought with it concerns about the 
information privacy rights of individuals, censorship versus freedom of information, the safety of users, 
and the negative impact of information systems on the work environment. 

No business organization, and hence, no information system, operates in a vacuum. All IS profes- 
sionals, business managers, and users have a responsibility to see that the potential consequences of IS 
use are fully considered. Even entrepreneurs, especially those who use computers and the Internet, must 
be aware of the potential personal and social impact of computers. 


What Is Ethics? a a 


ethics: The set of principles about Ethics is the set of principles about what is right and wrong that individuals 
what is right and wrong that individuals use to make choices to guide their decisions. Ethical behavior conforms to 
noi choices to guide thiir generally accepted norms, which may change over time to meet the evolving 
i needs of society or a group of people who share similar laws, traditions, and 
values that provide structure to enable them to live in an organized manner. 
Ethics help members of a group understand their roles and responsibilities, so 
that they can work together to achieve mutual benefits such as security, access 

to resources, and the pursuit of life goals. 

Although nearly everyone would agree that certain behaviors—such as 
lying and cheating—are wrong, opinions about what constitutes right and 
wrong behavior can vary dramatically. For example, attitudes toward software 
piracy—a form of copyright infringement that involves making copies of soft- 
ware or enabling others to access software to which they are not entitled— 
range from strong opposition to acceptance of the practice as a standard 
approach to conducting business. According to the Business Software Alliance 
(BSA), the global rate of software piracy stands at around 37 percent of soft- 
ware installed on personal computers; however, over a dozen countries have 
a rate exceeding 80 percent.’ In many of these countries, users simply cannot 
afford software licenses, pirated copies are readily available at cut-rate prices, 
and software piracy has become an accepted business practice. 

Individual views of what behavior is ethical may by impacted by a person’s 
age, cultural group, ethnic background, religion, life experiences, education, 
and gender along with many other factors. Even within the same society, peo- 
ple can have strong disagreements over important ethical issues. In the United 
States, for example, issues such as abortion, stem cell research, the death 
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penalty, marijuana usage, and gun control are continuously debated, and peo- 
ple on both sides of these debates feel that their arguments are on solid moral 
ground. The reality is that the world has many systems of beliefs about what 
is right and wrong, each with many proponents. 


Ethical Versus Legal 


Law is a system of rules that tells us what we can and cannot do. Laws are 
enforced by a set of institutions (the police, courts, and law-making bodies). 
Violation of a law can result in censure, fines, and/or imprisonment. Laws in 
the United States are made by the various local, state, and federal legislatures. 
Sometimes the laws of these various jurisdictions are in conflict, creating con- 
fusion and uncertainty. In addition, laws are not static; new laws are constantly 
being introduced and existing laws repealed or modified. As a result, the precise 
meaning of a particular law may be different in the future from what it is today. 

Legal acts conform to the law. Ethical acts conform to what an individual 
believes to be the right thing to do. Laws can proclaim an act as legal, although 
many people may consider the act unethical. Examples of this include abor- 
tion or possession of an automatic weapon. Laws may also proclaim an act as 
illegal, although many people may consider the act ethical. Examples of this 
include using marijuana to relieve stress and nausea for people undergoing 
chemotherapy treatment for cancer. 

Laws raise important and complex issues concerning equality, fairness, and 
justice, but do not provide a complete guide to ethical behavior. Just because 
an activity is defined as legal does not mean that it is ethical (see Figure 3.1). 
As a result, practitioners in many professions subscribe to a code of ethics 
that states the principles and core values that are essential to their work and, 
therefore, govern their behavior. The code can become a reference point for 
helping an individual determine what is legal and what is ethical; however, an 
individual will also be guided by his/her set of morals. 


FIGURE 3.1 Ethical 


The Difference Between 
Acting Ethically and Acting 


Legally Ethical Ethical 
and and 
illegal legal 
Illegal Legal 
Unethical Unethical 
and and 
illegal legal 
Unethical 


Fostering Corporate Social Responsibility and 
Good Business Ethics 


Organizations have at least five good reasons to promote a work environment 
in which employees are encouraged to act ethically when making business 
decisions: 


e Gaining the goodwill of the community 

e Creating an organization that operates consistently 

e Fostering good business practices 

e Protecting the organization and its employees from legal action 
e Avoiding unfavorable publicity 
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Gaining the Goodwill of the Community 

Although organizations exist primarily to earn profits or provide services to 
customers, they also have some fundamental responsibilities to society. Com- 
panies often declare these responsibilities in specific corporate social respon- 
sibility (CSR) goals. 

All successful organizations, including technology firms, recognize that they 
must attract and maintain loyal customers. Philanthropy is one way in which 
an organization can demonstrate its values in action and make a positive con- 
nection with its customers, employees, suppliers, business partners, and other 
parties. As a result, many organizations initiate or support socially responsible 
activities. These activities may include making contributions to charitable orga- 
nizations and nonprofit institutions, providing benefits for employees in excess 
of any legal requirements, and devoting organizational resources to initiatives 
that are more socially desirable than profitable. Here a few examples of some 
of the CSR activities supported by major IT organizations. 


e Dell employees donated over $1.2 million to disaster relief organiza- 
tions worldwide and contributed over 23,000 hours in disaster relief 
efforts. In addition, the Michael and Susan Dell Foundation commit- 
ted $36 million in relief efforts to support the Hurricane Harvey relief 
efforts. Many of Harvey’s victims were based in Dell’s home state of 
Texas. Overall, Dell employees spent over 809,000 hours volunteering 
for various causes in 2017.” 

e During 2017, Microsoft donated more than $1.2 billion in software and 
services and an additional $1 billion in cloud technology to non-profits 
and university researchers. Its employees donated $149 million to various 
charities. The company is also working to bring broadband connectivity 
to 2 million people in rural America by 2022.3 

e Oracle has a multi-pronged set of CSR initiatives aimed at advancing 
education, protecting the environment, and enriching community life. 
Its Oracle Academy and Oracle Education Foundation help students 
develop technical skills and build their creativity. The company is a 
leader in sustainability and is ranked in the top 10 percent of companies 
in this arena. Oracle donated millions of dollars in cash to nonprofit 
organizations and its employees in 45 countries donated 110,000 hours 
of their time to support nonprofit organizations.‘ 


The goodwill that CSR activities generate can make it easier for corpora- 
tions to conduct their business. For example, a company known for treating its 
employees well will find it easier to compete for the top job candidates. On the 
other hand, businesses that are not socially responsible run the risk of alienat- 
ing their customer base. A study of more than 10,000 shoppers in ten different 
countries revealed that more than 90 percent are likely to switch to brands that 
support a socially responsible cause, given similar price and quality. In addition, 
90 percent of the shoppers surveyed would boycott a company if they learned 
that the firm engaged in socially irresponsible business practices. Indeed, 55 
percent of the respondents had already done so in the previous year.’ 


Creating an Organization That Operates Consistently 


Organizations develop and abide by values to create an organizational culture 
and to define a consistent approach for dealing with the needs of their stake- 
holders. Stakeholders include shareholders, employees, customers, suppliers, 
and the community. Such consistency ensures that employees know what is 
expected of them and can employ the organization’s values to help them in 
their decision making. Consistency also means that shareholders, customers, 
suppliers, and the community know what they can expect of the organization. 
With consistency, the company will behave in the future much as it has in 
the past. It is especially important for multinational or global organizations to 
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present a consistent face to their shareholders, customers, and suppliers no 
matter where those stakeholders live or operate their business. Although each 
company’s value system is different, many share the following values: 


e Operate with honesty and integrity, staying true to organizational principles 
e Operate according to standards of ethical conduct, in words and action 

e Treat colleagues, customers, and consumers with respect 

e Strive to be the best at what matters most to the organization 

e Value diversity 

e Make decisions based on facts and principles 


Fostering Good Business Practices 


In many cases, good ethics can mean good business and improved profits. 
Companies that produce safe and effective products avoid costly recalls 
and lawsuits. (The recall of the weight loss drug Fen-Phen cost its maker, 
Wyeth-Ayerst Laboratories, almost $14 billion in awards to victims, many of 
whom developed serious health problems due to taking the drug.°) Companies 
that provide excellent service retain their customers instead of losing them to 
competitors. Companies that develop and maintain strong employee relations 
enjoy lower turnover rates and better employee morale. Suppliers and other 
business partners often place a priority on working with companies that oper- 
ate in a fair and ethical manner. All these factors tend to increase revenue and 
profits while decreasing expenses. As a result, ethical companies should tend 
to be more profitable over the long term than unethical companies. 

On the other hand, bad ethics can lead to bad business results. Bad 
ethics can have a negative impact on employees, many of whom may develop 
negative attitudes if they perceive a difference between their own values and 
those stated or implied by an organization’s actions. In such an environment, 
employees may suppress their tendency to act in a manner that seems ethical 
to them and instead act in a manner that will protect them against anticipated 
punishment. When such a discrepancy between employee and organizational 
ethics occurs, it destroys employee commitment to organizational goals and 
objectives, creates low morale, fosters poor performance, erodes employee 
involvement in organizational improvement initiatives, and builds indifference 
to the organization’s needs. 


Protecting the Organization and Its Employees from Legal Action 

In a 1909 ruling (United States v. New York Central & Hudson River Railroad 
Co.), the U.S. Supreme Court established that an employer can be held respon- 
sible for the acts of its employees even if the employees act in a manner 
contrary to corporate policy and their employer’s directions.’ The principle 
established is called respondeat superior, or “let the master answer.” 

When it was uncovered that employees of Wells Fargo Bank opened over 2 
million credit card accounts not authorized by its customers, the bank was fined 
over $185 million and ordered to pay customers full restitution for any fees or 
charges they may have incurred. The practice began at least as early as 2011 and 
was an attempt by thousands of bank employees to achieve their sales targets 
for cross-selling and be rewarded with higher sales bonuses.® Cross-selling is the 
practice of selling existing customers multiple products. The products included 
savings accounts, checking accounts, auto loans, mortgages, and credit cards. 
Cross-selling to existing customers is less costly than locating and selling to 
brand new customers. It also tends to lock existing customers into your bank. 


Avoiding Unfavorable Publicity 

The public reputation of a company strongly influences the value of its stock, 
how consumers regard its products and services, the degree of oversight it 
receives from government agencies, and the amount of support and cooperation 
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FIGURE 3.2 


Five-step ethical decision- 
making process 


problem statement: A clear, 
concise description of the issue that 
needs to be addressed. 


it receives from its business partners. Thus, many organizations are motivated 
to build a strong ethics program to avoid negative publicity. If an organization 
is perceived as operating ethically, customers, business partners, shareholders, 
consumer advocates, financial institutions, and regulatory bodies will usually 
regard it more favorably. 

Prominent ad buyers and marketers are angry with Facebook after finding 
out that the world’s largest online social network service greatly exaggerated 
the average viewing time of video ads on its platform. This is a key metric used 
by advertisers in deciding how much to spend on Facebook video versus other 
video services such as You Tube, Twitter, and TV networks. It turns out that 
Facebook was not including views of 3 seconds or less in calculating its average 
view time resulting in overestimating viewing time by 60 to 80 percent.? Some 
advertising industry analysts believe that the new viewing time results and bad 
publicity associated with the incident will impact the future placement of tens 
of billions of advertising dollars. 


Including Ethical Considerations in Decision Making 


We are all faced with difficult decisions in our work and in our personal life. 
Most of us have developed a decision-making process that we execute auto- 
matically, without thinking about the steps we go through. For many of us, the 
process generally follows the steps outlined in Figure 3.2. 


Evaluate results 


Identify alternatives 


Develop problem statement 


The following sections discuss this decision-making process further and point 
out where and how ethical considerations need to be brought into the process. 


Develop a Problem Statement 


A problem statement is a clear, concise description of the issue that needs 
to be addressed. A good problem statement answers the following questions: 
What do people observe that causes them to think there is a problem? Who is 
directly affected by the problem? Is anyone else affected? How often does the 
problem occur? What is the impact of the problem? How serious is the problem? 

Development of a good problem statement is the most critical step in the 
decision-making process. Without a clear statement of the problem or the 
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decision to be made, it is useless to proceed. If the problem is stated incor- 
rectly, the chances of solving the real problem are greatly diminished. The 
following list includes one example of a good problem statement as well as 
two examples of poor problem statements: 


e Good problem statement: Our product supply organization is continu- 
ally running out of stock of finished products, creating an out-of-stock 
situation on over 15 percent of our customer orders, resulting in over 
$300,000 in lost sales per month. 

e Poor problem statement: We need to implement a new inventory control 
system. (This is a possible solution, not a problem statement. Pursuing 
this course of action will surely be expensive and time-consuming and, 
may or may not, solve the underlying problem.) 

e Poor problem statement: We need to install cameras and monitoring 
equipment to put an end to theft of finished product in the warehouse. 
(Again, this is a possible solution, not a problem statement. And are there 
sufficient facts to support the hypothesis of theft in the warehouse?) 


You must gather and analyze facts to develop a good problem statement. 
Seek information and opinions from a variety of people (include those who expe- 
rience the problem first hand and those who will be affected by any changes) 
to broaden your frame of reference. During this process, you must be extremely 
careful not to make assumptions about the situation and carefully check key facts 
for validity. Simple situations can sometimes turn into complex controversies 
because no one takes the time to gather and analyze the real facts. 


Identify Alternatives 

During this stage of decision making, it is ideal to enlist the help of others to 
identify several alternative solutions to the problem. You will especially want 
to enlist the help of those with first-hand knowledge of the situation or those 
who will be affected by the decision. Brainstorming with others will increase 
your chances of identifying a broad range of alternatives and determining the 
best solution. On the other hand, there may be times when it is inappropriate 
to involve others in solving a problem that you are not at liberty to discuss. In 
providing participants information about the problem to be solved, offer just 
the facts, without your opinion, so that you don’t influence others to accept 
your solution. 

During any brainstorming process, try not to be critical of ideas, as any neg- 
ative criticism will tend to shut down the discussion, and the flow of ideas will 
dry up. Simply write down the ideas as they are suggested and ask questions 
only to gain a clearer understanding of the proposed solution. 


Choose an Alternative 

Once a set of alternatives has been identified, the group must evaluate them 
based on numerous criteria, such as effectiveness of addressing the issue, the 
extent of risk associated with each alternative, cost, and time to implement. 
An alternative that sounds attractive but that is not feasible will not help solve 
the problem. 

As part of the evaluation process, weigh various laws, guidelines, and prin- 
ciples that may apply. You certainly do not want to violate a law that can lead 
to a fine or imprisonment for yourself or others. Do any corporate policies or 
guidelines apply? Does the organizational code of ethics offer guidance? Do 
any of your own ethics apply? 

Consider the likely consequences of each alternative from several perspec- 
tives: What is the impact on you, your organization, other stakeholders (includ- 
ing your suppliers and customers), and the environment? Does this alternative 
do less harm than other alternatives? 
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professional code of ethics: 

A statement of the principles and core 

values that that an organization wishes 
to develop in its leaders and members. 


The alternative selected should be ethically and legally defensible to a collec- 
tion of your co-workers and peers, and it must be defensible to your profession’s 
governing body of ethics. You need to be consistent with the organization’s pol- 
icies and code of ethics and take into account the impact on others. Last, your 
alternative must provide a good solution to the problem. 


Implement the Decision 

Once an alternative is selected, it should be implemented in an efficient, effec- 
tive, and timely manner. This is often much easier said than done, because 
people tend to resist change. In fact, the bigger the change, the greater is the 
resistance to it. Communication is the key to helping people accept a change. 
It is imperative that someone whom the stakeholders trust and respect answer 
the following questions: 


e Why are we doing this? 
e What is wrong with the current way we do things? 
e How will the change benefit us? 


A transition plan must be defined to explain to people how they will 
move from the old way of doing things to the new way. It is essential that the 
transition be seen as relatively easy and pain free. It may be necessary to train 
the people affected, provide incentives for making the change in a successful 
fashion, and modify the reward system to encourage new behaviors consistent 
with the change. 


Evaluate the Results 


After the solution to the problem has been implemented, monitor the results 
to see if the desired effect was achieved, and observe its impact on the organi- 
zation and the various stakeholders. Were the success criteria fully met? Were 
there any unintended consequences? Was the implementation poorly executed? 
This evaluation may indicate that further refinements are needed. If so, return 
to the problem development step, refine the problem statement as necessary, 
and work through the process again. 


Professional Code of Ethics 


A professional code of ethics states the principles and core values that an 
organization wishes to develop in its leaders and members. The primary intent 
of a code of ethics is to define desired behavior. For example, doctors adhere to 
varying versions of the 2,000-year-old Hippocratic oath, which medical schools 
offer as an affirmation to their graduating classes. Most codes of ethics created 
by professional organizations have two main parts: The first outlines what the 
organization aspires to become, and the second typically lists rules and princi- 
ples by which members of the organization are expected to abide. Many codes 
also include a commitment to continuing education for those who practice the 
profession. 

Laws do not provide a complete guide to ethical behavior, and a profes- 
sional code of ethics cannot be expected to provide an answer to every ethical 
dilemma. However, following a professional code of ethics can produce four 
key benefits for an individual, a profession, and society as a whole: 


e Improve ethical decision making—Adherence to a professional code of 
ethics means that practitioners use a common set of core values and 
beliefs as a guideline for ethical decision making. 

e Set high standards of practice and ethical behavior—Adherence to a code 
of ethics reminds professionals of the responsibilities and duties that 
they may be tempted to compromise to meet the pressures of day-to-day 
business. The code also defines acceptable and unacceptable behaviors 
to guide professionals in their interactions with others. Strong codes of 
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ethics have procedures for censuring professionals for serious violations, 
with penalties that can include the loss of the right to practice. Such 
codes are the exception, however, and few exist in the IT arena. 

e Engender trust and respect from the general public—Public trust is built 
on the expectation that a professional will behave ethically. People must 
often depend on the integrity and good judgment of a professional to 
tell the truth, abstain from giving self-serving advice, and offer warnings 
about the potential negative side effects of their actions. Thus, adherence 
to a code of ethics enhances trust and respect for professionals and their 
profession. 

e Provide an evaluation benchmark—A code of ethics provides an evalua- 
tion benchmark that a professional can use as a means of self-assessment. 
Peers of the professional can also use the code for recognition or censure. 


No one information systems professional organization has emerged as 
preeminent, so there is no universal code of ethics for IS workers. However, 
the existence of such organizations is useful in a field that is rapidly growing 
and changing. To stay on top of the many new developments in their field, 
IS workers need to network with others, seek out new ideas, and continually 
build on their personal skills and expertise. Even if you are a freelance 
programmer or the CIO of a Fortune 500 company, membership in an orga- 
nization of IS workers enables you to associate with others of similar work 
experience, develop working relationships, and exchange ideas. These orga- 
nizations disseminate information through email, periodicals, Web sites, social 
media, meetings, and conferences. Furthermore, in recognition of the need 
for professional standards of competency and conduct, many of these organi- 
zations have developed codes of ethics which can be found at their Web site. 
Some of the most prominent IS-related professional organizations include the 
merged Computer Technology Industry Association (CompTIA) and Associ- 
ation of Information Technology Professionals (AITP), Association for Com- 
puting Machinery (ACM), Association for Women in Computing, Independent 
Computer Consultants Association, Institute of Electrical and Electronics Engi- 
neers Computer Society (IEEE-CS), Network Professional Association, and the 
SysAdmin, Audit, Network, Security (SANS) Institute. 


Critical An Unhappy Employee 


Thinking 
: Æ SOCIAL AND ETHICAL ISSUE 
Exercise soc CAL ISSUES 


You are the customer support manager for a small software manufacturer. The 
newest addition to your 10-person team is Elliot, a recent college computer science 
graduate. She is a little overwhelmed by the volume of calls, but is learning quickly 
and doing her best to keep up. Today, over lunch, one of the other members of your 
team informed you that she overheard a phone conversation in which it sounded 
like Elliot was talking with a headhunter and expressing unhappiness with her 
current situation. You’re shocked and alarmed. You had no idea she was unhappy, 
and your team desperately needs her help to handle the onslaught of calls gen- 
erated by the newest release of software. If you’re going to lose her, you’ll need 
to find a replacement quickly. Should you confront Elliot and demand to know 
her intentions? Should you avoid any confrontation and simply begin seeking her 
replacement? Is some other action appropriate? Follow the five-step process for 
ethical decision making to decide what your next steps should be. 


Review Questions 


1. What are the facts of the situation? 
2. Develop a clear problem statement of this situation. 
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Critical Thinking Questions 
1. Identify alternatives to address this situation. Should you involve others in this? 
2. Choose an alternative and defend your actions. 


Information Systems and Privacy 


FIGURE 3.3 


Governments and organiza- 
tions gather a variety of data 
about people 


The use of information systems in both government and business requires bal- 
ancing the needs of those who use the information that is collected against the 
rights and desires of the people whose information is being used. Information 
about people is gathered, stored, analyzed, and reported because organizations 
including government agencies can use it to make better decisions. Some of 
these decisions, including whether or not to hire a job candidate, approve a 
loan, or offer a scholarship, can profoundly affect people’s lives. 

The global marketplace and intensified competition have increased the 
importance of knowing consumers’ purchasing habits and financial condition. 
Companies use this information to target marketing efforts to consumers who 
are most likely to buy their products and services. Organizations also need basic 
information about customers to serve them better. It is hard to imagine an orga- 
nization having productive relationships with its customers without having data 
about them. Thus, organizations want systems that collect and store key data 
from every interaction they have with a customer. The information might include 
financial data, medical history, work history, and so on, as shown in Figure 3.3. 

Many people object to the data collection policies of governments and 
businesses on the grounds that they strip individuals of the power to control 
their own personal information. For these people, the existing hodgepodge 
of privacy laws and practices fails to provide adequate protection. Instead, 
it causes confusion that promotes distrust and skepticism, which are further 
fueled by additional disclosures of threats to privacy. 


A combination of approaches—new laws, technical solutions, and privacy 
policies—is required to balance the scales. Reasonable limits must be set on 
government and business access to personal information, new information and 
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fair information practices: 
A term for a set of guidelines that 
govern the collection and use of 
personal data. 


General Data Protection 
Regulation (GDPR): A set of data 
privacy requirements that apply across 
the European Union and apply as 

well to organizations that market to or 
process information of EU end users, 
customers, or employees. 
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communication technologies must be designed to protect rather than diminish 
privacy, and appropriate corporate policies must be developed to set baseline 
standards for people’s privacy. 


Measures Protecting Personal Data 


Fair information practices is a term for a set of guidelines that govern the 
collection and use of personal data. Various organizations as well as countries 
have developed their own set of such guidelines and call them by different 
names. The overall goal of such guidelines is to stop the unlawful storage of 
personal data, eliminate the storage of inaccurate personal data, and prevent 
the abuse or unauthorized disclosure of such data. For some organizations 
and some countries, a key issue is the flow of personal data across national 
boundaries (transborder data flow). Fair information practices are important 
because they form the underlying basis for many national laws addressing data 
privacy and data protection issues. Europe has been more active in this area 
than the United States. 

The General Data Protection Regulation (GDPR) is a set of data privacy 
requirements that apply across the European Union including non-EU organi- 
zations that market to or process information of individuals in the European 
Union. In general, it increases the rights of individuals and gives them more con- 
trol over their information. GDPR places obligations on organizations to obtain 
the consent of people they collect information about and to better manage this 
data. This includes putting in place a data protection officer and data protection 
policies, performing data protection assessments, providing training for employ- 
ees to ensure that they are aware of their responsibilities related to personal 
data, and having written documentation explaining how data is processed. 

Individuals may ask an organization to provide the data they hold about 
them, at no charge, using a Subject Access Request which must be honored 
within one month. In the event of a data breach, organizations have 72 hours 
to notify authorities. The GDPR imposes significant fines for organizations 
found to be in violation. Organizations with minor violations are subject to 
fines of up to £10 million ($13.1 million USD) or 2 percent of a firm’s global 
revenue (whichever is greater). Organizations found to have major violations 
are subject to fines of up to £20 million ($26.2 million USD) or 4 percent of a 
firm’s global revenue.’ 

The United Kingdom’s Tesco Bank was hit with a data breach that impacted 
some 40,000 customer accounts, with money taken from half of them. Tesco 
Bank refunded £2.5 million ($3.2 million USD) to its account customers fol- 
lowing the attack. If the GDPR had been in effect at the time of the breach, 
Tesco Bank’s parent company could have been facing a fine of nearly £2 billion 
($2.5 billion USD). 

The situation in regards to fair information practices in the United States 
is much different. Although numerous laws have been implemented over time, 
no single, overarching national data privacy policy has been developed in the 
United States. Nor is there an established advisory agency that recommends 
acceptable privacy practices to businesses. Instead, there are laws that address 
potential abuses by the government, with little restrictions for private industry. 
Legislation that protects people from data privacy abuses by corporations is 
almost nonexistent. The various major federal laws that govern data privacy 
can be divided into the following topics: financial data, health information, and 
children’s personal data. 


Financial Data 

Individuals must reveal much of their personal financial data to take advan- 
tage of the wide range of financial products and services available, including 
credit cards, checking and savings accounts, loans, payroll direct deposit, and 
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Fair Credit Reporting Act: 
Regulates the operations of credit- 
reporting bureaus, including how 
they collect, store, and use credit 
information. 


Right to Financial Privacy Act: 
Protects the records of financial 
institutions’ customers from 
unauthorized scrutiny by the federal 
government. 


Fair and Accurate Credit 
Transactions Act: Allows 
consumers to request and obtain a 
free credit report once each year from 
each of the three primary consumer 
credit reporting companies (Equifax, 
Experian, and TransUnion). 


brokerage accounts. To access many of these financial products and services, 
individuals must use a personal logon name, password, account number, or 
PIN. The inadvertent loss or disclosure of this personal financial data carries a 
high risk of loss of privacy and potential financial loss. Individuals should be 
concerned about how this personal data is protected by businesses and other 
organizations and whether it is shared with other people or companies. 


Fair Credit Reporting Act (15 U.S.C. § 1681) 


The Fair Credit Reporting Act regulates the operations of credit-reporting 
bureaus, including how they collect, store, and use credit information. The 
act, enforced by the U.S. Federal Trade Commission, is designed to ensure the 
accuracy, fairness, and privacy of information gathered by the credit-reporting 
companies and to provide guidelines for organizations whose systems that 
gather and sell information about people. The act outlines who may access 
your credit information, how you can find out what is in your file, how to dis- 
pute inaccurate data, and how long data is retained. It also prohibits a credit- 
reporting bureau from giving out information about you to your employer or 
potential employer without your written consent. 

Consumer credit reporting agency TransUnion was fined $60 million for vio- 
lation of three FCRA provisions: (1) failure to follow “reasonable procedures to 
ensure maximum possible accuracy of the information” contained in the plain- 
tiffs’ consumer reports, (2) failure to clearly and accurately disclose all the infor- 
mation in the plaintiffs’ consumer reports upon their request, and (3) failure to 
provide plaintiffs with a summary of their rights under the FCRA. TransUnion 
had mistakenly identified individuals as drug lords and terrorists because their 
names were similar to names found on a list kept by the Treasury Department." 
Many companies both large and small are targets for FCRA lawsuits and need 
to ensure that they are in compliance with FCRA and state regulations. 


Right to Financial Privacy Act (12 U.S.C. § 3401) 


The Right to Financial Privacy Act protects the records of financial institutions’ 
customers from unauthorized scrutiny by the federal government. Under this act, 
a customer must receive written notice that a federal agency intends to obtain 
their financial records, along with an explanation of the purpose for which the 
records are sought. Customers must also be given written procedures to follow if 
they do not wish the records to be made available. The financial institution can- 
not release a customer’s financial records until the government authority seeking 
the records certifies in writing that it has complied with the applicable provi- 
sions of the act. The act only governs disclosures to the federal government; it 
does not cover disclosures to private businesses or state and local governments. 
The act allows for civil penalties, liability, and disciplinary action for agencies 
or departments of the United States or financial institutions for noncompliance. 


Fair and Accurate Credit Transactions Act (Public Law 108-159) 


The Fair and Accurate Credit Transactions Act was passed in 2003 as an 
amendment to the Fair Credit Reporting Act, and it allows consumers to request 
and obtain a free credit report once each year from each of the three primary 
consumer credit reporting companies (Equifax, Experian, and TransUnion). 
The act also helped establish the National Fraud Alert system to help prevent 
identity theft. Under this system, consumers who suspect that they have been 
or may become a victim of identity theft can place an alert on their credit files. 
The alert places potential creditors on notice that they must proceed with 
caution when granting credit. 


Health Information 

The use of electronic medical records and the subsequent interlinking and 
transferring of this electronic information among different organizations has 
become widespread. Individuals are rightly concerned about the erosion of 
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Health Insurance Portability 
and Accountability Act (HIPAA) 
(Public Law 104-191): 

Requires health care organizations 

to employ standardized electronic 
transactions, codes, and identifiers to 
enable them to fully digitize medical 
records, thus making it possible to 
exchange medical data over the 
Internet. 


American Recovery and 
Reinvestment Act Title XIII: 
Includes strong privacy provisions 

for electronic health records (EHRs), 
including banning the sale of health 
information, promoting the use of audit 
trails and encryption, providing rights 
of access for patients, and mandating 
that each individual whose health 
information has been exposed be 
notified within 60 days after discovery 
of a data breach. 
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privacy of data concerning their health. They fear intrusions into their health 
data by employers, schools, insurance firms, law enforcement agencies, and 
even marketing firms looking to promote their products and services. 


Health Insurance Portability and Accountability Act (HIPAA) 
(Public Law 104-191) 


The Health Insurance Portability and Accountability Act (HIPAA) requires 
health care organizations to employ standardized electronic transactions, codes, 
and identifiers to enable them to fully digitize medical records, thus making it 
possible to exchange medical data over the Internet. Under the HIPAA provi- 
sions, health care providers must obtain written consent from patients prior to 
disclosing any information in their medical records. Thus, patients need to sign 
a HIPAA disclosure form each time they are treated at a hospital, and such a 
form must be kept on file with their primary care physician. In addition, health 
care providers are required to keep track of everyone who receives information 
from a patient’s medical file. 

The penalties for noncompliance are based on the level of negligence, 
and violations can also carry criminal charges that can result in jail time. The 
University of Texas MD Cancer Center was fined $4.3 million for theft of unen- 
crypted patient data from an employee’s laptop and two USB thumb drives.” 

HIPPA assigns responsibility to health care organizations for certifying that 
their business partners (billing agents, insurers, debt collectors, research firms, 
government agencies, and charitable organizations) also comply with HIPAA 
security and privacy rules. This provision of HIPAA is a major concern for many 
health care executives, as they do not have direct control over the systems and 
procedures that their partners implement. 


American Recovery and Reinvestment Act (Public Law 111-5) Title XIII 


The American Recovery and Reinvestment Act Title XIII, also known as the 
Health Information Technology for Economic and Clinical Health Act (HITECH), 
included strong privacy provisions for electronic health records (EHRs). These 
provisions included banning the sale of health information, promoting the 
use of audit trails and encryption, providing rights of access for patients, and 
mandating that each individual whose health information has been exposed 
be notified within 60 days after discovery of a data breach. It also provided 
funding and incentives to accelerate the adoption of standard and interoperable 
health information systems by awarding payments to health care organizations 
that could demonstrate meaningful use of such systems. 

An electronic health record (EHR) is a comprehensive view of a patient’s 
complete medical history designed to be shared with authorized providers 
and staff across multiple health care organizations. It is a digital history of 
the patient’s medical history, diagnoses, and treatments. EHRs enable health 
care providers to track changes in patient health care data over time; identify 
patients due for vaccinations, screenings, or check-ups; and monitor key patient 
parameters such as blood glucose levels, blood pressure, and weight. Electronic 
health records vendors must certify that their software satisfies criteria based 
on a thorough evaluation by an accredited testing body. 

A lawsuit was filed against 62 Indiana hospitals claiming that the hospitals 
systematically falsified records and defrauded taxpayers of more than $300 
million. The lawsuit claimed the hospitals falsified records to meet the require- 
ments required to show meaningful use of electronic systems and receive 
incentive payments." 


Children’s Personal Data 

Many people feel that there is a need to protect children from being exposed 
to inappropriate material and online predators; becoming the target of harass- 
ment; divulging personal data; and becoming involved in gambling or other 
inappropriate behavior. To date, only a few laws have been implemented to 
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Family Educational Rights and 
Privacy Act (FERPA): Assigns 
certain rights to parents regarding their 
children’s educational records. 


Children’s Online Privacy 
Protection Act (COPPA): States 
that any Web site that caters to 
children must offer comprehensive 
privacy policies, notify parents or 
guardians about its data collection 
practices, and receive parental 
consent before collecting any personal 
information from children under 

13 years of age. 


protect children online, and several of these have been ruled unconstitutional 
under the First Amendment and its protection of freedom of expression. 


Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g) 


Family Educational Rights and Privacy Act (FERPA) is a federal law that 
assigns certain rights to parents regarding their children’s educational records. 
These rights transfer to the student once the student reaches the age of 18, or 
earlier, if the student attends a school beyond the high school level. These rights 
include the right to demand that educational records be disclosed only with stu- 
dent consent; the right to amend educational records; and the right to file com- 
plaints against a school for disclosing educational records in violation of FERPA. 


Children’s Online Privacy Protection Act (COPPA) (15 U.S.C. 
§§ 6501-6506), 


According to Children’s Online Privacy Protection Act (COPPA), any Web 
site that caters to children must offer comprehensive privacy policies, notify 
parents or guardians about its data collection practices, and receive parental 
consent before collecting any personal information from children under 13 
years of age. COPPA was implemented in 1998 to give parents more control 
over the collection, use, and disclosure of their children’s personal informa- 
tion; it does not cover the dissemination of information to children. The law 
has had a major impact and has required many companies to spend hundreds 
of thousands of dollars to make their Web sites compliant; other companies 
eliminated preteens as a target audience. 

A class-action lawsuit was filed against Walt Disney Company by a group of 
parents for privacy violations involving children by allowing Twitter, comScore, 
Upsight, Unity Technology, and Kochava to embed code that tracked young 
children using 42 Disney apps including the popular “Where’s My Water?”, 
“Princess Palace Pets,” and “Moana Island Life.” The lawsuit alleges that Disney 
allowed the software companies to embed trackers in these apps that could 
extract information from the smart device for advertising and other purposes. 


Web Site Privacy Policy 


Most organizations feel a strong need to create a privacy policy that describes 
how it gathers, stores, shares, and sells data about its visitors. They recognize 
that many countries around the world have laws requiring privacy policies if 
their organization operates in their jurisdiction, or if it collects information from 
their citizens. In addition, if your organization has any interactions or relation- 
ships with third-party apps or services (e.g. Google AdSense, Google Analytics, 
Facebook Lead Ads, Amazon Affiliates), a privacy policy will be required for 
you to use the service. 

The Better Business Bureau recommends that a privacy notice should be 
based on the following five elements: 


e Notice (what personal information is being collected on the site) 

e Choice (what options the customer has about how/whether personal 
data is collected and used) 

e Access (how a customer can see what data has been collected and 
change/correct it if necessary) 

e Security (state how any data that is collected is stored/protected) 

e Redress (what customer can do if privacy policy is not met) 


There are numerous privacy policy generators available online, however, 
be sure to customize the standard template to accommodate the laws in the 
legal jurisdiction in which your organization operates and the type of business 
in which you are engaged. 
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Individual Efforts to Protect Privacy 


Although numerous state and federal laws deal with privacy, the laws do not 
completely protect individual privacy. In addition, not all companies have pri- 
vacy policies. As a result, many people are taking steps to increase their own 
privacy protection. Steps that you can take to protect your personal privacy 
include the following: 


e Find out what is stored about you in existing databases. Call the 
major credit bureaus to get a copy of your credit report. You are 
entitled to a free credit report every 12 months from each of the 
three major consumer reporting agencies (Equifax, Experian, and 
TransUnion). You can also obtain a free report if you have been denied 
credit in the last 60 days. Note that the only Web site authorized by 
federal law to provide the free credit reports is AnnualCreditReport. 
com. Other Web sites claim to offer free credit reports but actually 
charge consumers, sometimes on an ongoing basis, for access to their 
credit report.!° The major companies are Equifax (www.equifax.com), 
TransUnion (www.transunion.com), and Experian (www.experian. 
com). You can also submit a Freedom of Information Act request 
to a federal agency that you suspect might have information stored 
on you. 

e Be careful when you share information about yourself. Don’t share 
information unless it is absolutely necessary. Every time you give infor- 
mation about yourself through an 800, 888, or 900 call, your privacy is at 
risk. Be vigilant in insisting that your doctor, bank, or financial institution 
not share information about you with others without your written con- 
sent. Don’t do online shopping or banking over public Wi-Fi networks 
as your communications can be easily intercepted. Keep personal infor- 
mation such as your birth date, place of birth, home address, and phone 
number off social networks. 

e Be proactive in protecting your privacy. You can get an unlisted 
phone number and ask the phone company to block caller ID systems 
from reading your phone number. If you change your address, don’t 
fill out a change-of-address form with the U.S. Postal Service; you 
can notify the people and companies that you want to have your new 
address. Destroy copies of your charge card bills and shred monthly 
statements before disposing of them in the garbage. Be careful about 
sending personal email messages over a corporate email system. 

You can also cut down on the junk mail and telemarketing calls you 
receive by visiting the Direct Marketing Association Web site (www 
.thedma.org). Go to the site and look under Consumer Help-Remove 
Name from Lists. 

e Take extra care when purchasing anything from a Web site. Make 
sure that you safeguard your credit card numbers, passwords, and 
personal information. Do not do business with a site unless you know 
that it handles credit card information securely. (Look for a seal of 
approval from organizations such as the Better Business Bureau Online 
or TRUSTe. When you open the Web page where you enter credit card 
information or other personal data, make sure that the Web address 
begins with https and check to see if a locked padlock icon appears 
in the Address bar or status bar.) Do not provide personal informa- 
tion without reviewing the site’s data privacy policy. Many credit card 
companies will issue single-use credit card numbers on request. Charges 
appear on your usual bill, but the number is destroyed after a single use, 
eliminating the risk of stolen credit card numbers. 
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Critical 
Thinking 
Exercise 


HIPAA Regulations Raise Concern 
Æ SOCIAL AND ETHICAL ISSUES 


HIPAA requires that health care organizations, as the originators of individual medi- 
cal data, certify that their business partners (billing agents, insurers, debt collectors, 
research firms, government agencies, and charitable organizations) also comply 
with HIPAA security and privacy rules. This provision of HIPAA is particularly 
worrisome to executives of health care organizations since they do not have direct 
control over the systems and procedures that their partners implement. 


Review Questions 


1. Which HIPAA provisions do you think cause the most concern for health 
care executives in regards to the systems and procedures that their partners 
implement? 

2. Which business partners of a health care organization do you think are most 
likely to run afoul of HIPAA provisions? Why? 


Critical Thinking Questions 

1. What measures might a health care organization take to ensure that its business 
partners are compliant with key HIPAA provisions? 

2. What actions should a health care organization take if it discovers that one of 
its business partners is non-complaint with HIPAA provisions? 


Information Systems and Government Surveillance ~ ’ 2 


Fourth Amendment: Protects us 
from illegal searches and seizures. 


It is important to gain a historical perspective on the right to privacy from govern- 
ment surveillance. During the debates on the adoption of the U.S. Constitution, 
some of the drafters expressed concern that a powerful federal government would 
intrude on the privacy of individual citizens. After the Constitution went into 
effect in 1789, several amendments were proposed that would spell out additional 
rights of individuals. Ten of these proposed amendments were ultimately ratified 
and became known as the Bill of Rights. So, although the Constitution does not 
contain the word privacy, the U.S. Supreme Court has ruled that the concept of 
privacy is protected by the Bill of Rights. For example, the Supreme Court has 
stated that American citizens are protected by the Fourth Amendment when there 
is a “reasonable expectation of privacy.” 
The Fourth Amendment reads as follows: 


The right of the people to be secure in their persons, houses, papers, 
and effects, against unreasonable searches and seizures, shall not 

be violated, and no Warrants shall issue, but upon probable cause, 
supported by Oath or affirmation, and particularly describing the place 
to be searched, and the persons or things to be seized. 


It is important to note that the courts have ruled that without a reasonable 
expectation of privacy, there is no privacy right. 

In recent years, new laws addressing government electronic surveillance 
have been added and old laws amended in reaction to the development of 
new communication technologies and a heightened awareness of potential 
terrorist threats. The net result is that the scope of government surveillance has 
greatly expanded—going from collecting data on as few people as necessary 
to collecting as much data as possible on as many people as possible. 

Many of the resulting surveillance activities are viewed by some as an 
unconstitutional violation of the Fourth Amendment, which protects us from 
illegal searches and seizures. As a result, there are frequent court challenges to 
these government actions, as well as an ongoing public debate about whether 
such activities make Americans safer or simply erode our rights to privacy. 
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Some people also feel that our basic rights of freedom of expression and asso- 
ciation are violated when the U.S. government conducts widespread electronic 
surveillance on U.S. citizens. For instance, some people who belong to particular 
ethnic, religious, and social groups (including political activists on both ends of 
the political spectrum) are concerned that private data collected by the govern- 
ment could at some point be used to identify and target them and their associates. 
There is also concern that our past communications may be used in the future to 
implicate us in crimes that were once private and innocent acts. Many individuals 
are also concerned about the potential for a data breach in which personal data 
stored by the government falls into the hands of criminals. 

On the other hand, many Americans feel that the U.S. government is obli- 
gated to do all that it can do to provide for the security of its citizens, even it 
means violating some of the rights designed to protect our privacy. After all, 
they argue, if you are not doing anything “wrong” you should have no con- 
cerns. Listed below are the 21 government agencies authorized to conduct sur- 
veillance activities while Table 3.1 summarizes some of the many government 
surveillance systems in place today 


TABLE 3.1 Government surveillance systems 


System/ 
Program Used by How Used 
Automatic Law enforcement agencies, ALPRs snap photos and document the location of vehicles; some 
license plate including the U.S. Drug systems can also photograph drivers and passengers. ALPRs are used 
readers (ALPR) Enforcement Administration to snag red-light runners and to identify motorists with outstanding 
and the U.S. Customs and arrest warrants, overdue parking tickets, and delinquent tax bills. 
Border Protection agency 
Backscatter Law enforcement, agencies, Backscatter scanners can scan vehicles as well as individuals 
imaging including the U.S. Customs and crowds at public events to search for currency, drugs, and 
scanners and Border Protection explosives. 
agency, maritime police, 
general aviation security, 
and event security 
Drones Law enforcement agencies, Drones are unmanned aerial vehicles used to support operations that 
including the U.S. Customs require aerial surveillance. 
and Border Protection agency 
MYSTIC National Security Agency MYSTIC is used by the NSA to intercept and record all telephone con- 
(NSA) versations in certain countries, including Afghanistan, the Bahamas, 
Mexico, Kenya, and the Philippines. Because there is no practical way 
to exclude them, the conversations captured by MYSTIC include those 
of Americans who make calls to or from the targeted countries." 
Downstream National Security Agency PRISM is an NSA surveillance program that collects Internet data, such 
(formerly (NSA) as search histories; photos sent and received; and the contents of email, 
PRISM) file transfers, and voice and video chats from the servers of AOL, Apple, 
Facebook, Google, Microsoft, Paltalk, Skype, Yahoo, and YouTube. 
Secure Flight Transportation Security Secure Flight is an airline passenger prescreening program that checks 
Program Agency (TSA) travelers’ personal information against the TSA’s passenger watch list. 
Stingray Law enforcement agencies Stingray is a type of hardware device used to impersonate a cell tower, 
forcing all mobile phones within range to connect to it. The device can 
then capture information that can be used to identify and locate users 
and the phone numbers they call or text. 
Surveillance Law enforcement agencies, Tens of millions of surveillance cameras are installed in the United 
cameras National Security Agency, States and over 250 million worldwide. The average U.S. urban dweller 
others. is captured on camera over 50 times/day. The images are used for 
intelligence gathering, the prevention and investigation of crime, and 
the protection of individuals or objects. 
Upstream National Security Agency Collects communications as they travel over the Internet high capacity 


(NSA) backbone links. 
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Central Intelligence Agency 

National Reconnaissance Office 

Federal Bureau of Investigation 

Office of Intelligence and Analysis 

Drug Enforcement Agency 

Department of Energy 

Defense Intelligence Agency 

National Geospatial-Intelligence Agency 

Bureau of Intelligence and Research 

Department of Treasury 

Department of Homeland Security 

Office of the Director of National Intelligence 
National Security Agency 

Intelligence and Counterintelligence of the Army, 
Intelligence and Counterintelligence of the Navy 
Intelligence and Counterintelligence of the Air Force 
Intelligence and Counterintelligence of the Marine Corps 
Intelligence and Counterintelligence of the Coast Guard 
Department of State 

Office of National Security Intelligence 

Office of Intelligence and Counterintelligence 


Federal Statutes That Protect Citizens from Government 
Surveillance 


There are many federal statutes that protect citizens from government surveil- 
lance. Summaries of the more significant statutes are included in the following 
sections of this chapter. 


Foreign Intelligence Surveillance Act (FISA) (50 U.S.C.) 


FISA, passed by Congress in 1978, describes procedures for the electronic sur- 
veillance and collection of foreign intelligence information in communications 
(e.g., phone calls, emails) between foreign powers and the agents of foreign 
powers. Foreign intelligence is information relating to the capabilities, inten- 
tions, or activities of foreign governments or agents of foreign governments or 
foreign organizations. The act allows surveillance, without court order, within 
the United States for up to a year unless the “surveillance will acquire the con- 
tents of any communication to which a U.S. person is a party.” If a U.S. citizen 
is involved, judicial authorization is required within 72 hours after surveillance 
begins. The act also specifies that the U.S. attorney general may request a 
specific communications common carrier (a company that provides communi- 
cations transmission services to the public) to furnish information, facilities, or 
technical assistance to accomplish the electronic surveillance. 

FISA requires the government to obtain an individualized court order 
before it can intentionally target a U.S. person anywhere in the world to collect 
the content of his/her communications. The FISA court must be satisfied, based 
on a probable cause standard, that the U.S. person is an agent of a foreign 
power or an officer or employee of a foreign power. The FISA act also created 
the Foreign Intelligence Surveillance Act (FISA) court, which meets in secret to 
hear applications for orders approving electronic surveillance anywhere within 
the United States. Each application for a surveillance warrant is made before 
an individual judge of the court. Such applications are rarely turned down. 

Section 702 of FISA was added in 2008 and allows intelligence agencies 
to gather foreign intelligence from non-Americans located outside the United 
States. However, if a U.S. citizen is communicating with a non-U.S. citizen out- 
side the United States, their conversations can be monitored and recorded. This 
incidental collection is a major point of contention among privacy advocates. 
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While many argue that this represents a violation of the Fourth Amendment’s 
guarantee against unreasonable searches and seizures, a six-year extension of 
this controversial amendment was approved in January 2018. 


USA PATRIOT Act (Uniting and Strengthening America by Providing 
Appropriate Tools Required to Intercept and Obstruct Terrorism) 
(Public Law 107-56) 


This act was passed just 5 weeks after the terrorist attacks of September 11, 
2001. It gave sweeping new powers both to domestic law enforcement and U.S. 
international intelligence agencies. It increased the ability of law enforcement 
agencies to search telephone, email, medical, financial, and other records. 

Title II of the Patriot Act amended FISA and greatly expanded the scope 
of surveillance permitted under U.S. law. Foreign intelligence could now be 
gathered from both U.S. citizens and foreigners, government agencies no longer 
needed to prove that a target is an agent of a foreign power, and the maxi- 
mum duration of surveillance and investigations was lengthened. In addition, 
law enforcement agencies were authorized to break into and enter premises 
without the owner’s consent and stealthily search the premises using so-called 
sneak and peak warrants. Roving wiretaps were allowed so that anyone who 
comes into contact with a suspected terrorist can be wiretapped. 

Critics have argued that the law removed many checks and balances that 
previously gave courts the opportunity to ensure that law enforcement agencies 
did not abuse their powers. Critics also argue that many of its provisions have 
nothing to do with fighting terrorism. 


USA Freedom Act 


This act was passed in 2015 following startling revelations by Edward Snowden. 
He was a former government contractor who copied and leaked classified infor- 
mation from the National Security Agency in 2013. The information was about 
secret NSA surveillance programs. Here is a partial list of those revelations: 


e U.S. phone companies had been providing the NSA with ail their 
customers records, not just metadata. This metadata from the U.S. phone 
companies included phone numbers called and called from, the time 
contact was made, how long the call was, and the number of characters 
exchanged in text messages. 

e The NSA had been spying on over 120 world leaders, including German 
Chancellor Angela Merkel, a U.S. ally. 

e The NSA has developed a variety of tools to circumvent widely used 
Internet data encryption methods. 

e An NSA team of expert hackers called the Tailored Access Operations 
hack into computers worldwide to infect them with malware. 

e The Foreign Intelligence Surveillance Court reprimanded the NSA for 
frequently providing misleading information about its surveillance 
practices. 


The USA Freedom Act terminated the bulk collection of telephone records 
and Internet metadata by the NSA. Instead, telecommunications providers are 
now required to hold the data and respond to NSA queries on the data. The 
bill authorizes the government to collect from the phone companies up to “two 
hops” of call records related to a target—provided the government can prove 
it has reasonable suspicion that the target is linked to a terrorist organization. 

During 2017, the NSA obtained orders as required by this Act to target 
40 individuals. These authorizations enabled the agency to gather over 
500 million call records from telecom providers as the requests allow the NSA 
to access metadata from every single person a target has been in contact with.’ 
The 2017 call records total is far less than the estimated billions of records 
collected per day under the NSA’s old bulk surveillance system. 
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Critical 
Thinking 
Exercise 


Voicing Your Opinion on Government Surveillance 
æ SOCIAL AND ETHICAL ISSUES 


You have a meeting with your U.S. Senator to voice your opinion on government 
surveillance programs and to share the changes you wish to see made to the FISA, 
Patriot, and Freedom Acts. 


Review Questions 

1. Are there specific measures of these Acts which you support? If so, what are they? 

2. Are there specific measures of these Acts which you do not support? If so, 
what are they? 


Critical Thinking Questions 

1. What changes would you recommend to these three Acts and the government 
surveillance program in general? 

2. Would you recommend additional federal statutes related to government surveil- 
lance? If so, please summarize the key features you wish to see implemented. 


Information Systems and Freedom of Expression 5 a 


First Amendment: Protects 
Americans’ rights to freedom of 
religion, freedom of expression, and 
freedom to assemble peaceably. 


The Internet enables a worldwide exchange of news, ideas, opinions, rumors, 
and information. Its broad accessibility, open discussions, and anonymity 
make the Internet a remarkable communications medium. It provides an easy 
and inexpensive way for a speaker to send a message to a large audience— 
potentially thousands or millions of people worldwide. In addition, given the 
right email addresses, a speaker can aim a message with laser accuracy at a 
select subset of powerful and influential people. 

People must often make ethical decisions about how to use such incred- 
ible freedom and power. Organizations and governments have attempted to 
establish policies and laws to help guide people, as well as to protect their own 
interests. Businesses have sought to conserve corporate network capacity, avoid 
legal liability, and improve worker productivity by limiting the nonbusiness 
use of IT resources. 


Measures Protecting Freedom of Speech 


Information technology has provided amazing new ways for people to commu- 
nicate with others around the world. This section discusses measures that have 
been taken to help safeguard our ability to communicate freely. 


First Amendment 


The right to freedom of expression is one of the most important rights for free 
people. The First Amendment to the U.S. Constitution was adopted to guarantee 
this right and others. Over the years, many federal, state, and local laws have 
been found unconstitutional because they violated one of the tenets of this 
amendment. The First Amendment reads as follows: 


“Congress shall make no law respecting an establishment of religion, or 
prohibiting the free exercise thereof; or abridging the freedom of speech, 
or of the press; or the right of the people peaceably to assemble, and to 
petition the government for a redress of grievances.” 


In other words, the First Amendment protects Americans’ rights to free- 
dom of religion, freedom of expression, and freedom to assemble peaceably. 
This amendment has been interpreted by the Supreme Court as applying to the 
entire federal government, even though it only expressly refers to Congress. 
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Numerous court decisions have broadened the definition of speech to include 
nonverbal, visual, and symbolic forms of expression, such as flag burning, dance 
movements, and hand gestures. Sometimes the speech at issue is unpopular or 
highly offensive to most people; however, the Bill of Rights provides protection 
for minority views. The Supreme Court has also ruled that the First Amendment 
protects the right to speak anonymously as part of the guarantee of free speech. 

The Supreme Court has held that the following types of speech are not 
protected by the First Amendment and may be forbidden by the government: 
perjury, fraud, defamation, obscene speech, incitement of panic, incitement 
to crime, “fighting words,” and sedition (incitement of discontent or rebellion 
against a government). 


Anonymity on the Internet 
anonymous expression: The Anonymous expression is the expression of opinions by people who do 
expression of opinions by people who not reveal their identity. The freedom to express an opinion without fear of 
domottevealtheiridentiiy; reprisal is an important right of a democratic society. Anonymity is even more 
important in countries that don’t allow free speech. However, in the wrong 
hands, anonymous communication can be used as a tool to commit illegal or 
unethical activities. 

Anonymous political expression played an important role in the early for- 
mation of the United States. Before and during the American Revolution, patri- 
ots who dissented against British rule often used anonymous pamphlets and 
leaflets to express their opinions. England had a variety of laws designed to 
restrict anonymous political commentary, and people found guilty of breaking 
these laws were subject to harsh punishment—from whippings to hangings. A 
famous case in 1735 involved a printer named John Zenger, who was prose- 
cuted for seditious libel because he wouldn’t reveal the names of anonymous 
authors whose writings he published. The authors were critical of the governor 
of New York. The British were outraged when the jurors refused to convict 
Zenger, in what is considered a defining moment in the history of freedom of 
the press in the United States. 

Other democracy supporters often authored their writings anonymously or 
under pseudonyms. For example, Thomas Paine was an influential writer, phi- 
losopher, and statesman of the Revolutionary War era. He published a pamphlet 
called Common Sense, in which he criticized the British monarchy and urged 
the colonies to become independent by establishing a republican government 
of their own. Published anonymously in 1776, the pamphlet sold more than 
500,000 copies, at a time when the population of the colonies was estimated to 
have been less than 4 million; it provided a stimulus to produce the Declaration 
of Independence six months later. 

Despite the importance of anonymity in early America, it took nearly 200 
years for the Supreme Court to render rulings that addressed anonymity as 
an aspect of the Bill of Rights. One of the first rulings was in the 1958 case 
of National Association for the Advancement of Colored People (NAACP) v. 
Alabama, in which the court ruled that the NAACP did not have to turn over 
its membership list to the state of Alabama. The court believed that members 
could be subjected to threats and retaliation if the list were disclosed and that 
disclosure would restrict a member’s right to freely associate, in violation of 
the First Amendment. 

Maintaining anonymity on the Internet is important to some computer 
users. They might be seeking help in an online support group, reporting 
defects about a manufacturer’s goods or services, taking part in frank discus- 
sions of sensitive topics, expressing a minority or antigovernment opinion in 
a hostile political environment, or participating in chat rooms. Other Internet 
users, however, would prefer to ban Web anonymity because they think its use 
increases the risks of defamation, fraud, and libel, as well as the exploitation 
of children. 
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internet censorship: The control 
or suppression of the publishing or 
accessing of information on the Internet. 


When an email is sent, the email software (e.g., Outlook) automatically 
inserts information called a header on each packet of the message that identi- 
fies where the email originated from and who sent it. In addition, IP addresses 
are attached to the email and captured as the message transfers through vari- 
ous routers and relay servers. Internet users who want to remain anonymous 
can send email to an anonymous remailer service, which uses a computer 
program to strip the originating header and/or IP number from the message. 
It then forwards the message to its intended recipient—an individual, a chat 
room, or a newsgroup—with either no IP address or a fake one, ensuring that 
the header information cannot be used to identify the author. Some remailers 
route messages through multiple remailers to provide a virtually untraceable 
level of anonymity. Anonymous remailers do not keep any list of users and 
corresponding anonymizing labels used for them; thus, a remailer can ensure 
its users that no internal information has been left behind that can later be 
used to break identity confidentiality. Even if law-enforcement agencies serve 
a court order to release information, there is nothing to turn over. 

The use of a remailer keeps communications anonymous; what is com- 
municated, and whether it is ethical or legal, is up to the sender. The use of 
remailers by people committing unethical or even illegal acts in some states 
or countries has spurred controversy. Remailers are frequently used to send 
pornography, to illegally post copyrighted material to Usenet newsgroups, and 
to send unsolicited advertising to broad audiences (spamming). An organiza- 
tion’s IT department can set up a firewall to prohibit employees from accessing 
remailers or to send a warning message each time an employee communicates 
with a remailer. 

As part of an antiterrorist operation in late 2014, police in Spain raided 14 
houses and social centers. Seven people arrested that day were held in a Madrid 
prison on suspicion of terrorism. The judge in the case cited three reasons 
for jailing the seven people—possession of certain books, including Against 
Democracy (a book that challenges the belief that the version of democracy 
practiced today is good and moral), the production of publications and forms 
of communication, and their use on an anonymous remailer to send emails. 
Many privacy experts believe that citing the use of secure email as a potential 
indicator of involvement in terrorist activities is an exceedingly dangerous 
precedent. As one blogger commented and many observers agree “Security is 
not a crime.””° 


Internet Censorship 


Internet censorship is the control or suppression of the publishing or access- 
ing of information on the Internet. Speech on the Internet requires a series 
of intermediaries to reach its audience (see Figure 3.4) with each intermedi- 
ary vulnerable to some degree to pressure from those who want to silence 
the speaker. Web hosting services are often the recipients of defamation or 
copyright infringement claims by government authorities or copyright hold- 
ers, demanding the immediate takedown of hosted material that is deemed 
inappropriate or illegal. Government entities may pressure “upstream” Internet 
service providers to limit access to certain Web sites, allow access to only some 
content or modified content at certain Web sites, reject the use of certain key- 
words in search engine searches, and track and monitor the Internet activities 
of individuals. 

Several countries have enacted so called three strikes laws that require ISPs 
to terminate a user’s Internet connection once that user has received a number 
of notifications of posting of content deemed inappropriate or illegal. Censor- 
ship efforts may also focus on Domain Name System (DNS) servers, which 
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FIGURE 3.4 


Internet Censorship 


convert human-readable host and domain names into the machine-readable, 
numeric Internet Protocol (IP) addresses that are used to point computers and 
other devices toward the correct servers on the Internet. This configuration is 
shown in Figure 3.4. Where authorities have control over DNS servers, officials 
can “deregister” a domain that hosts content that is deemed inappropriate or 
illegal so that the Web site is effectively invisible to users seeking access to 
the site. 

China has the largest online population in the world, with over 772 million 
Internet users (see Table 3.2, which depicts the top 12 countries in terms of 
number of Internet users). Note, however, that Internet censorship in China 
is perhaps the most rigorous in the world. The Chinese government blocks 
access to Web sites that discuss any of a long list of topics that are considered 
objectionable—including the Buddhist leader the Dalai Lama, anything to do 


TABLE 3.2 The top twelve countries with the highest number of 
internet users (2018) 


Internet users Population Internet Penetration 
Country (Millions) (Millions) (% of population) 
1 China Wie 1,415 54% 
2 India 462 1,354 34% 
3 United States Bil 327 95% 
4 Brazil 149 211 71% 
5 Indonesia 143 267 54% 
6 Japan 119 127 94% 
7 Russia 110 144 76% 
8 Nigeria 98 196 50% 
9 Mexico 85 131 65% 
10 Bangladesh 81 166 49% 
11 Germany 79 82 96% 
12 Philippines 67 107 63% 


SOURCES: “Internet Users by Country (2018)”, Internet Live Stats, htips.//Avww.internetworldstats.com/top20.htm. 
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Section 230 of the CDA: Provides 
immunity to an Internet service provider 
(ISP) that publishes user-generated 
content, provided its actions do not rise 
to the level of a content provider. 


with the government crackdown on the 1989 Tiananmen Square protests, and 
the banned spiritual movement Falun Gong. Chinese Web sites also employ 
censors who monitor and delete objectionable content. The government hires 
workers to post comments favorable to the government.” 

Surprisingly, Brazilian government demands have closed more Google 
Gmail accounts and more blogger sites than in any other country. In Brazil, 
filing a lawsuit to demand that Internet content be taken down is relatively 
easy and inexpensive. The ability of litigants to challenge content and demand 
that anonymous sources be revealed stifles Brazilian journalists and Internet 
bloggers.” 

Although there are clear and convincing arguments to support freedom of 
speech online, the issue is complicated by the ease with which children can 
access the Internet. Even some advocates of free speech acknowledge the need 
to restrict children’s Internet access, but it is difficult to restrict their access 
without also restricting adults’ access. In attempts to address this issue, the U.S. 
government has passed laws and software manufacturers have invented spe- 
cial software to block access to objectionable material. The following sections 
summarize these and other approaches to blocking access to content. 


Communications Decency Act (CDA) 

The Telecommunications Act became law in 1996. Its primary purpose was to 
allow free competition among phone, cable, and TV companies. The act was 
broken into seven major sections or titles. Title V of the Telecommunications 
Act was the Communications Decency Act (CDA), aimed at protecting children 
from pornography. The CDA imposed $250,000 fines and prison terms of up to 
two years for the transmission of “indecent” material over the Internet. 

In February 1996, the American Civil Liberties Union (ACLU) and 18 other 
organizations filed a lawsuit challenging the criminalization of so-called inde- 
cency on the Web under the CDA. The problem with the CDA was its broad 
language and vague definition of indecency, a standard that was left to individ- 
ual communities to determine. In June 1997, the Supreme Court ruled the law 
unconstitutional and declared that the Internet must be afforded the highest 
protection available under the First Amendment.” The Supreme Court said in its 
ruling that “the interest in encouraging freedom of expression in a democratic 
society outweighs any theoretical but unproven benefit of censorship.”*4 The 
ruling applied essentially the same free-speech protections to communication 
over the Internet as exist for print communication. 

If the CDA had been judged constitutional, it would have opened all aspects 
of online content to legal scrutiny. Many current Web sites would probably 
either not exist or would look much different today had the law not been 
overturned. Web sites that might have been deemed indecent under the CDA 
would be operating under an extreme risk of liability. 

Section 230 of the CDA, which was not ruled unconstitutional, provides 
immunity to an Internet service provider (ISP) that publishes user-generated 
content, provided its actions do not rise to the level of a content provider. It 
states that “No provider or user of an interactive computer service shall be 
treated as the publisher or speaker of any information provided by another 
information content provider” (47 U.S.C. § 230). In general, the closer an 
ISP is to a pure service provider than to a content provider, the more likely 
that the Section 230 immunity will apply.” This portion of the CDA protects 
social networking companies such as Facebook and Twitter from defamation 
suits in connection with user postings that appear on their sites. Because 
of Section 230, Web site owners and server hosts aren’t constantly dragged 
into endless lawsuits because someone said something inflammatory on one 
of their sites. 

Facebook presents a constantly updated list of stories, called the News 
Feed, in the middle of each Facebook user’s home page. Using an algorithm 
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based on each user’s Facebook activity and connections, the social networking 
site attempts to choose the “best” content out of several thousand potential 
stories, placing those near the top of the News Feed. The number of comments 
and likes a post receives as well as what type of story it is (e.g., photo, video, 
news article, or status update) influence whether and how prominently a story 
will appear in a user’s News Feed. Facebook also conducts surveys and focus 
groups to get input on what stories people think should appear. The more 
engaging the content, the more time users will spend on Facebook and the 
more often they will likely return to the site. This enables Facebook to earn 
more revenue from ads shown in News Feed content.” 

Because one of the traditional roles of a publisher is to select which sto- 
ries to show its readers, Facebook’s efforts to shape the news that its users 
see could result in it being viewed as an information content provider by the 
courts, resulting in a loss of protection under Section 230 of the CDA. If that 
were to happen, Facebook could become liable for defamation based on the 
postings of its subscribers. 


Internet Filtering 
internet filter: Software that can An Internet filter is software that can be used to block access to certain Web 
be used to block access to certain sites that contain material deemed inappropriate or offensive. The best Internet 
websites that contain material deemed filters use a combination of URL, keyword, and dynamic content filtering. With 
inappropriate or offensive. ; i : : sa oe é 
URL filtering, a particular URL or domain name is identified as belonging to 
an objectionable site, and the user is not allowed access to it. Keyword filter- 
ing uses keywords or phrases—such as sex, Satan, and gambling—to block 
Web sites. With dynamic content filtering, each Web site’s content is evaluated 
immediately before it is displayed, using techniques such as object analysis 
and image recognition. 

The negative side of Internet filters is that they can block too much content, 
keeping users from accessing useful information about civil rights, health, sex, 
and politics as well as online databases and online book catalogs. 

Some organizations choose to install filters on their employees’ computers 
to prevent them from viewing sites that contain pornography or other objec- 
tionable material. Employees unwillingly exposed to such material would have 
a strong case for sexual harassment. The use of filters can also ensure that 
employees do not waste their time viewing nonbusiness-related Web sites. 
According to TopTenREVIEWS, the top-rated Internet filters for home users 
for 2018 include Net Nanny, Spy Agent, and Qustodio.”’ Internet software fil- 
ters have also been developed to run on mobile devices such as Android and 
iPhone smartphones. 


Children’s Internet Protection Act (CIPA) 


In another attempt to protect children from accessing pornography and other 
explicit material online, Congress passed the Children’s Internet Protection Act 
(CIPA) in 2000. The act required federally financed schools and libraries to use 
some form of technological protection (such as an Internet filter) to block com- 
puter access to obscene material, pornography, and anything else considered 
harmful to minors. Congress did not specifically define what content or Web 
sites should be forbidden or what measures should be used—these decisions 
were left to individual school districts and library systems. Any school or library 
that failed to comply with the law would no longer be eligible to receive federal 
money through the E-Rate program, which provides funding to help pay for 
the cost of Internet connections. 

Opponents of the law were concerned that it transferred power over edu- 
cation to private software companies who develop the Internet filters and 
define what sites to block. Furthermore, opponents felt that the motives of 
these companies were unclear—for example, some filtering companies track 
students’ online activities and sell the data to market research firms. Opponents 
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defamation: The making of either 
an oral or a written statement of 
alleged fact that is false and that 
harms another person. 


also pointed out that some versions of these filters were ineffective, blocking 
access to legitimate sites and allowing access to objectionable ones. Yet another 
objection was that penalties associated with the act could cause schools and 
libraries to lose federal funds from the E-Rate program, which is intended to 
help bridge the digital divide between rich and poor, urban and rural. Loss of 
federal funds would lead to a less capable version of the Internet for students 
at poorer schools, which have the fewest alternatives to federal aid. 

CIPA’s proponents contended that shielding children from drugs, hate 
speech, pornography, and other topics was a sufficient reason to justify filters. 
They argued that Internet filters are highly flexible and customizable and that 
critics exaggerated the limitations. Proponents pointed out that schools and 
libraries could elect not to implement a children’s Internet protection program; 
they just wouldn’t receive federal money for Internet access. 

Many school districts implemented programs consistent with CIPA. Accep- 
tance of an Internet filtering system is more meaningful if the system and its 
rationale are first discussed with parents, students, teachers, and administra- 
tors. Then the program can be refined using everyone’s feedback. An essen- 
tial element of a successful program is to require that students, parents, and 
employees sign an agreement outlining the school district’s acceptable-use 
policies for accessing the Internet. Controlling Internet access via a central 
district-wide network rather than having each school set up its own filtering 
system reduces administrative effort and ensures consistency. Procedures must 
be defined to block new objectionable sites as well as remove blocks from Web 
sites that should be accessible. 

Implementing CIPA in libraries is much more difficult because a library’s 
services are open to people of all ages, including adults who have First Amend- 
ment rights to access a broader range of online materials than are allowed 
under CIPA. In United States, et al v. American Library Association, Inc., et al, 
the American Library Association challenged CIPA. Ultimately in that case, the 
Supreme Court made it clear that the constitutionality of government-mandated 
filtering schemes depends on adult patrons’ ability to request and receive unre- 
stricted access to protected speech.” A possible compromise for public libraries 
with multiple computers would be to allow unrestricted Internet use for adults 
but to provide computers with only limited access for children. 


Defamation Lawsuits 

The right to freedom of expression is restricted when the expressions, whether 
spoken or written, are untrue and cause harm to another person. Making 
either an oral or a written statement of alleged fact that is false and that harms 
another person is defamation. The harm is often of a financial nature, in that 
it reduces a person’s ability to earn a living, work in a profession, or run for 
an elected office, for example. An oral defamatory statement is slander, and a 
written defamatory statement is libel. Defamation lawsuits are filed frequently 
and are a form of censorship because they are seeking to stop unwanted 
speech or writings and to impose financial penalties for those speech instances 
or writings. 

Because defamation is defined as an untrue statement of fact, truth is 
an absolute defense against a charge of defamation. Although people have 
the right to express opinions, they must exercise care in their online com- 
munications to avoid possible charges of defamation. Organizations must 
also be on their guard and prepared to act in the event of libelous attacks 
against them. 

In recent years, a woman was hit with a $1 million defamation lawsuit after 
posting a poor review of a gynecologist on Yelp, Health Grades, and ZocDoc. 
She claimed she was billed over $1,300 for a new patient visit and ultrasound 
services that she received and for additional services that she did not receive. 
So far she has spent over $20,000 defending herself.” 
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Hate Speech Censoring 
In the United States, speech that is merely annoying, critical, demeaning, or 
offensive enjoys protection under the First Amendment. Legal recourse is pos- 
sible only when hate speech turns into clear threats and intimidation against 
specific citizens. Persistent or malicious harassment aimed at a specific person 
hate speech: Persistent or is hate speech, which can be prosecuted under the law, but general, broad 
malicious harassment aimed at a statements expressing hatred of an ethnic, racial, or religious group cannot. 
specit persón; For instance, a threatening private message sent over the Internet to a person, 
a public message displayed on a Web site describing intent to commit acts of 
hate-motivated violence against specific individuals, and libel directed at a 
specific person are all actions that can be prosecuted. 

Although ISPs and social networking sites do not have the resources to 
prescreen content (and they do not assume any responsibility for content pro- 
vided by others), many ISPs and social networking sites do reserve the right 
to remove content that, in their judgment, does not meet their standards. The 
speed at which content may be removed depends on how quickly such content 
is called to the attention of the ISP or social networking site, how egregious the 
content is, and the general availability of the company’s resources to handle 
such issues. 

To post videos on YouTube, you must first create a YouTube or a Google 
account (Google is the owner of YouTube) and agree to abide by the site’s 
published guidelines. The YouTube guidelines prohibit the posting of videos 
showing such things as pornography, animal abuse, graphic violence, predatory 
behavior, and drug use. The guidelines also prohibit the posting of copyrighted 
material—such as music, television programs, or movies—that is owned by a 
third party. YouTube staff members review user-posted videos on a regular 
basis to find any that violate the site’s community guidelines. Those that violate 
the guidelines are removed. Certain other videos are age-restricted because 
of their content. Users are penalized for serious or repeated violations of the 
guidelines and can have their account terminated.*! 

Because such prohibitions are included in the service contracts between 
ISPs and social networking sites and their subscribers and members—and do 
not involve the federal government—they do not violate anyone’s First Amend- 
ment rights. Of course, people who lose an ISP or social networking account 
for violating the provider’s regulations may resume their hate speech by simply 
opening a new account, either under a different name or with some other, more 
permissive site or ISP. 

Social media networks are increasingly coming under pressure to remove 
hate speech. Germany passed a law known as NetzDG or the Network Enforce- 
ment Act to crack down on offensive posts. The law requires that Facebook, 
Google, Instagram, Snapchat, Twitter, and YouTube to delete hate speech post- 
ings within 24 hours or face a fine of up €50 million ($57 million USD) for 
noncompliance. Critics are concerned that the social networks will err on the 
side of safety and delete content which does not really qualify as hate speech.” 


Internet Pornography Censoring 
Many people, including some free-speech advocates, believe that there is noth- 
ing illegal or wrong about viewing adult pornographic material made by and 
for consenting adults. They argue that the First Amendment protects such 
material. On the other hand, most parents, educators, and other child advocates 
are concerned that children might be exposed to online pornography. They are 
deeply troubled by its potential impact on children and fear that increasingly 
easy access to pornography encourages pedophiles and sexual predators. 
Clearly, the Internet has been a boon to the pornography industry by pro- 
viding fast, cheap, and convenient access to many millions of porn Web sites 
worldwide.” Access via the Internet enables pornography consumers to avoid 
offending others or being embarrassed by others observing their purchases. 
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There is no question that online adult pornography is big business (revenue 
estimates vary widely between $1 billion and $97 billion). PornHub, one of 
the most popular and largest hardcore porn Web sites, had 28.5 billion visits 
during 2017—almost 1000 per second.** 

If what someone distributes or exhibits is judged obscene, they are subject to 
prosecution under the obscenity laws. The precedent-setting Miller v. California 
ruling on obscenity predates the Internet. The judges in that case ruled that con- 
temporary community standards should be used to judge what is obscene. The 
judges allowed that different communities could have different norms. 

The key question in deciding what Internet material is obscene is: “Whose 
community standards are used?” Because Internet content publishers cannot 
easily direct their content into or away from a particular geographic area, one 
answer to this question is that the Internet content publisher must conform to 
the norms of the most restrictive community. However, this line of reasoning 
was challenged by the Third Circuit Court of Appeals in the Ashcroft v. American 
Civil Liberties Union case, which involved a challenge to the 1998 Child Online 
Protection Act (COPA). The Supreme Court reversed the circuit court’s ruling 
in this case—but with five different opinions and no clear consensus on the 
use of local or national community standards.* In United States v. Kilbride, the 
Ninth Circuit Court of Appeals ruled that “a national community standard must 
be applied in regulating obscene speech on the Internet, including obscenity 
disseminated via email.”*° In United States v. Little, the Eleventh Circuit Court 
of Appeals rejected the national community standard and adopted the older, 
local community standard. Currently there is no clear agreement within the 
courts on whether local or national community standards are to be used to 
judge obscenity. 

U.S. organizations must be very careful when dealing with issues relating 
to pornography in the workplace. By providing computers, Internet access, 
and training in how to use those computers and the Internet, companies could 
be seen by the law as purveyors of pornography because they have enabled 
employees to store pornographic material and retrieve it on demand. A survey 
published in the Archives of Sexual Behavior found that 21 percent of men 
watched porn at work.” If an employee sees a coworker viewing porn on a 
workplace computer, that employee may be able to claim that the company has 
created a hostile work environment. Such a claim opens the organization to a 
sexual harassment lawsuit that can cost hundreds of thousands of dollars and 
tie up managers and executives in endless depositions and court appearances. 

Many companies believe that they have a duty to stop the viewing of por- 
nography in the workplace. As long as they can show that they took reasonable 
steps and determined actions to prevent it, they have a valid defense if they 
become the subject of a sexual harassment lawsuit. If it can be shown that a 
company made only a half-hearted attempt to stop the viewing of pornogra- 
phy in the workplace, then the company could have trouble defending itself in 
court. Reasonable steps include establishing and communicating an acceptable 
use policy that prohibits access to pornography sites, identifying those who 
violate the policy, and taking disciplinary action against those who violate the 
policy, up to and including termination. 

A few companies take the opposite viewpoint—that they cannot be held 
liable if they don’t know employees are viewing, downloading, and distributing 
pornography. Therefore, they believe the best approach is to ignore the prob- 
lem by never investigating it, thereby ensuring that they can claim that they 
never knew it was happening. Many people would consider such an approach 
unethical and would view management as shirking an important responsibility 
to provide a work environment free of sexual harassment. Employees unwill- 
ingly exposed to pornography would have a strong case for sexual harassment 
because they could claim that pornographic material was available in the work- 
place and that the company took inadequate measures to control the situation. 
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Numerous federal laws address issues relate to child pornography— 
including laws concerning the possession, production, distribution, or sale 
of pornographic images or videos that exploit or display children. Possession 
of child pornography is a federal offense punishable by up to five years in 
prison. The production and distribution of such materials carry harsher pen- 
alties; decades or even life in prison is not an unusual sentence. In addition 
to these federal statutes, all states have enacted laws against the production 
and distribution of child pornography, and all but a few states have outlawed 
the possession of child pornography. At least seven states have passed laws 
that require computer technicians who discover child pornography on clients’ 
computers to report it to law enforcement officials. 

Sexting—sending sexual messages, nude or seminude photos, or sexually 
explicit videos over a cell phone—is a fast-growing trend among teens and 
young adults. Some states have adopted laws that prescribe penalties—a form 
of censorship—aimed specifically at teenagers engaged in sexting. Increas- 
ingly, people who take part in sexting are suffering the consequences of this 
fad. Once an image or video is sent, there is no taking it back and no telling 
to whom it might be forwarded. And it is not just teenagers who participate 
in sexting. Numerous educators, political figures, and celebrities have been 
discovered in embarrassing sexting situations. Sexters can also face prose- 
cution for child pornography leading to possible years in jail and decades of 
registration as a sex offender. 


Fake News as a Form of Censorship 


fake news: A false story that is Fake news is a false story that is presented as being factually accurate and 

presented as being factually accurate appears to be news. Fake news may be spread by the news media, over the 

and appears to be ROWS: Internet, via social media, or by other means. It is usually created to advance 
a certain political view or agenda. There are several strategies used to create 
fake news*: 


e Simply make a claim that is patently false. 

e Exclude a key piece of information critical to proper understanding the 
situation. 

e Deliberately not provide critical information until the end of the story by 
which time many readers will have lost interest and stopped reading. 

e Provide an incomplete accounting of the facts by not presenting facts 
unfavorable to the position of the writer. 

e Make a claim which is false, and then correct the original statement in 
manner that few people will see (post the initial story on the front page 
of the newspaper and then post the correction on the weekend buried in 
the back section of the newspaper). 


The proliferation of online sources of information and opinion means that 
the Internet is full of “news” accounts that are, in fact, highly opinionated, 
fictionalized, or satirical accounts of current events presented in journalistic 
style. Critics of such sites argue that real journalists adhere to certain standards, 
such as fact checking, identifying and verifying sources, presenting opinions 
on both sides of an issue, and avoiding libelous statements. 

Journalism, including the ways in which people get their news, is going 
through a period of rapid change. The sale of traditional paper newspapers 
and magazines continues to fall while online consumption of news is growing. 
Nearly twice as many adults (38 percent) report that they often get news online 
rather than from print media (20 percent). Much online news continues to 
come from traditional news sources, such as ABC, CBS, CNN, Fox, and NBC 
news, the Chicago Tribune, The New York Times, Newsweek, The Wall Street 
Journal, and U.S. News & World Report. However, readers looking for news and 
information online will also find a wide range of nontraditional sources—some 
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Critical 
Thinking 
Exercise 


of which offer more objective, verifiable news reporting than others—including 


the following types: 


e Blogs—On some blogs, writers discuss news and editorial content pro- 
duced by other journalists and encourage reader participation. Bloggers 
often report on things about which they are very passionate. As a result, 
they may be less likely to remain unbiased, instead stating their opinion 
and supporting facts without presenting the other side of an argument. 


Indeed, many bloggers pride themselves on their lack of objectivity, instead 


viewing themselves as an activist for a particular cause or point of view. 
e Fake news sites—These sites display salacious headlines on a legitimate 
Web site (e.g., Ivanka Trump moving out of the White House) designed 
to attract your attention. If the Web site visitor clicks on the headline 
(really an ad), the visitor is taken to a fake news site masquerading as 
a legitimate news site complete with imitation logo and page design. 
The fake news story begins with a headline and a large photo of the 
personality who is the subject of the headline. However, after just a few 
sentences, the story transitions into an ad for some product. Fake news 


publishers have been able to use the automated ad placement systems of 


Facebook, Google, and Twitter to place their ads on the legitimate Web 
sites of Snopes and PolitiFact, two fact-checking Web sites that rate the 
accuracy of claims made by elected officials and others. For the casual 
reader who perhaps just skims the headlines, all this can spread false, 


divisive, and inflammatory messages. This whole process is called tabloid 


cloaking.“ 
e Social media sites—Ordinary citizens are increasingly involved in the 
collection, reporting, analysis, and dissemination of news, opinions, and 


photos, which are then posted to various social media sites. Often, citizen 


journalists are “on the spot” and able to report on breaking news stories 


before traditional news reporters. While such timeliness of reporting can be 
a good thing, it does not always promote accuracy, clarity, and objectivity. 


Because reports, images, opinions, and videos shared via social media 


often spread like wildfire, they can sometimes cause confusion, misunder- 


standing, and controversy, rather than bringing clarity to a situation. 


Defining Hate Speech 
Æ WRITTEN AND ORAL COMMUNICATION 


Many ISPs and social networking sites reserve the right to remove content that, in 
their judgment, does not meet their community standards. You have been asked by 
the system administrator of your social networking site to draft a definition of hate 
speech to be included in your site’s community standards. Content that is judged 
to be hate speech will be removed. Members who continue to violate this standard 


will lose their membership. 


Review Questions 


1. How is removal of hate speech from a social networking Web site not a violation 


of a member’s First Amendment rights? 


2. How can you distinguish between speech that is directly harmful versus speech 


that is simply distasteful? 


Critical Thinking Questions 


1. Develop a clear and concise definition of hate speech to become part of the 
definition of your site’s community standards and that is suitable for use by 


monitors who will review content posted to your social network. 
2. Develop a statement to justify the monitoring of the postings to your site. 
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Ethical Issues in Developing Quality Software oe, . 


high-quality software systems: 
Systems that are easy to learn and 
use because they perform quickly and 
efficiently; they meet their users’ needs; 
and they operate safely and reliably 

so that system downtime is kept to a 
minimum. 


software defect: Any error that, if 
not removed, could cause a software 

system to fail to meet its users’ needs 
or open a door for a cyberattacker. 


safety-critical system: A system 
whose failure may cause human injury 
or death. 


High-quality software systems are systems that are easy to learn and use 
because they perform quickly and efficiently; they meet their users’ needs; and 
they operate safely and reliably so that system downtime is kept to a minimum. 
Computers and software are integral parts of almost every business, and the 
demand for high-quality software in a variety of industries is increasing. End 
users cannot afford system crashes, lost work, or lower productivity. Nor can 
they tolerate security holes through which intruders can spread viruses, steal 
data, or shut down Web sites. Software manufacturers face economic, ethical, and 
organizational challenges associated with improving the quality of their software. 
A software defect is any error that, if not removed, could cause a soft- 
ware system to fail to meet its users’ needs or provide an open door for a 
cyberattacker. The impact of a defect can range from the trivial to the serious. 
Tricentis, a software testing company, examined 606 software failures from 314 
companies to better understand the business and financial impact of software 
defects. It found that these 606 software failures affected 3.6 billion people, 
caused $1.7 trillion in financial losses, and a cumulative total of 268 years of 
business downtime.*! Here are a few recent examples of software defects:? 


e Fiat Chrysler recalled over a million trucks due to a software defect 
related to at least one fatality. The issue was caused by faulty code that 
temporarily disabled airbags and seat belt functionality. 

e A major software defect affecting five Australian hospitals was intro- 
duced during the application of faulty software corrections designed to 
counter potential future cyber-attacks. It took over two weeks for the 
hospitals to recover their electronic medical record systems. 

e ach year multiple airlines are affected by software defects in their 
ticketing and/or reservation systems, resulting in massive cancellations 
of local flights and significant delays in international flights, further 
upsetting travelers and resulting in loss of revenue. 


Software developers constantly face ethical questions of how much money, 
time, and effort they should invest to ensure the development of high-quality 
software. A manager who takes a short-term, profit-oriented view may feel that 
any additional time and money spent on quality assurance will only delay a 
new software product’s release, resulting in a delay in new sales revenue and 
lowering of profits. However, a different manager may consider it unethical 
not to fix all known problems before putting a product on the market and 
charging customers for it. 


Safety-Critical Systems 


Although defects in any software system can cause serious problems, the con- 
sequences of software defects in certain systems can be deadly. In these kinds 
of systems, the stakes involved in creating quality software are raised to the 
highest possible level. The ethical decisions involving a trade-off—if one must 
be considered—between quality and such factors as cost, ease of use, reliability, 
and time to market require extremely serious examination. 

A safety-critical system is one whose failure may cause human injury or 
death. The safe operation of many safety-critical systems relies on the perfor- 
mance of software. Such systems control an ever-increasing array of products 
and applications, including antilock brakes, adaptive cruise control functional- 
ity, and a myriad of other safety-related features found in automobiles; nuclear 
power plant reactors; aircraft flight control; military weapons; and a wide range 
of medical devices. 

Failure to take the strongest measures to ensure the safety of a safety-critical 
system “is at best unprofessional and at worst leads to disastrous consequences.” 
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Critical 
Thinking 
Exercise 


However, even with these types of precautions, the software associated with 
safety-critical systems is still vulnerable to errors that can lead to injury or death. 
The following are some examples of safety-critical system failures: 


e Problems with uncontrollable acceleration and a faulty antilock braking 
system resulted in lost lives and required Toyota to issue three separate 
recalls costing it nearly $3 billion.“ 

e Neonatal ventilators manufactured by Covidien were recalled because a 
software problem caused the amount of air being delivered to the patient 
to be less that the amount specified by the physician or nurse. The 
problem could lead to serious injury or death.‘ 

e As many as 4.3 million General Motors cars and trucks have potentially 
defective airbags that may fail to deploy in an accident due to flawed 
embedded software in the vehicles. 


The process of building software for safety critical systems takes much 
longer and is much more expensive than for high-quality systems for the 
following reasons: 


e Software developers working on a safety-critical system must be highly 
trained and experienced professionals who recognize that the software is 
only one component of the system; other components typically include 
system users or operators, hardware, and other equipment. Software devel- 
opers need to work closely with safety and systems engineers to ensure 
that the entire system, not just the software, operates in a safe manner. 

e Extreme measures must be taken to identify and remove software defects 
from safety-critical systems starting at the very earliest stages of software 
development—requirements definition and all the way through final 
testing. All tasks—including requirements definition, systems analysis, 
design, coding, fault analysis, testing, implementation, and change 
control—require additional steps, more thorough documentation, and 
vigilant checking and rechecking. As a result, safety-critical software 
takes much longer to complete and is much more expensive to develop. 

e A great deal of effort must be put into identifying what can go wrong, 
the likelihood and consequences of such occurrences, and how these 
risks can be averted, mitigated, or detected so the users can be warned. 


The increased time and expense of completing safety-critical software can 
draw developers into ethical dilemmas. They must carefully weigh cost and 
ease of use issues in developing a system that is safe and that also appeals 
to customers. For example, the use of hardware mechanisms or redundant 
software to back up or verify critical software functions can help ensure safe 
operation. However, such hardware or redundancy may make the final product 
more expensive to manufacture or harder for the user to operate—potentially 
making the product less attractive than a competitor’s. 

Another key issue is deciding when sufficient software testing has been 
performed. How much testing is enough when you are building a product 
whose failure could cause loss of human life? At some point, software devel- 
opers must determine that they have completed sufficient testing and then sign 
off to indicate their approval to release the product. Determining how much 
testing is sufficient demands careful decision making. 


Problems with EHR Systems 
æ SOCIAL AND ETHICAL ISSUES 


It is estimated that some 250,000 to 440,000 people in the United States die every 
year from medical errors. This makes medical errors the third-leading cause of 
death after heart disease and cancer.“ Electronic health records (EHRs) and other 
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technologies are intended to reduce errors and improve the delivery of care. How- 
ever, some industry experts believe use of these tools is simply swapping one set 
of mistakes for another. For instance, EHR users are highly prone to forgetting to 
enter orders for patient tests and erroneously entering medication orders. Such 
errors can result in harm to patients.* 

In some cases, the rush by doctors and hospitals to earn cash incentives under 
the HITECH Act has led to the adoption of complex and error-prone EHR systems. 
Implementation of poor EHR systems coupled with inadequate user training can 
leave patients just as vulnerable to medication errors as they were when health 
care providers used paper charts. “Patient safety is not improved by merely imple- 
menting health IT. The technology is part of a larger sociotechnical system, which 
relies not only on hardware and software functionality but also people, workflow, 
and processes.”” 

And there have been cases of EHR software vendors exaggerating the quality 
of their systems. For example, The Department of Justice contends that software 
vendor eClinicalWorks falsely obtained certification of its EHR product. Charges 
include allegedly cheating the “meaningful use” certification test, failing to make 
critical updates and bug fixes, and not ensuring data portability to enable doctors 
to transfer patient data to other vendor’s EHR systems.” 


Review Questions 

1. Do you believe the EHR systems should be classified as safety-critical systems? 
Why or why not? 

2. Does your personal physician employ an EHR system during your office visits? 
Do you feel that this system improves the quality of your interaction with the 
physician? Why or why not? 


Critical Thinking Questions 

1. Explain how measures could be implemented in the software to reduce the 
likelihood of forgetting to enter patient tests. What software logic could be 
introduced to reduce the potential that the wrong medications are prescribed 
for the patient? 

2. What measures should be taken to ensure a more rigorous EHR software cer- 
tification process? 


Principle: 


An ethical decision-making process and a code of ethics can guide you 
as you confront the many ethical dilemmas associated with information 
systems. 

Ethics is the set of principles about what is right and wrong that individuals 
use to make choices to guide their decisions. 

Ethical behavior conforms to generally accepted norms, which may change 
over time to meet the evolving needs of society or a group of people who share 
similar laws, traditions, and values that provide structure to enable them to live 
in an organized manner. 

Legal acts are acts that conform to the law. Ethical acts conform to what 
an individual believes to be the right thing to do. Laws can proclaim an act as 
legal, although many people may consider the act unethical. 

Practitioners in many professions subscribe to a code of ethics that states 
the principles and core values that are essential to their work and, therefore, 
govern their behavior. 
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Organizations have five good reasons to promote a work environment in 
which employees are encouraged to act ethically: to gain the goodwill of the 
community, to create an organization that operates consistently, to foster good 
business practices, to protect the organization and its employees from legal 
action, and to avoid unfavorable publicity. 

An effective decision-making process that includes ethical consideration 
consists of these five steps: develop a problem statement based on facts, identify 
several alternatives enlisting help from those who have first-hand knowledge of 
the situation, choose an alternative based on a number of criteria, implement 
the decision with clear communications to those who will be affected, and 
evaluate the results to see if the desired results were achieved. 

A professional code of ethics states the principles and core values that are 
essential to the work of a particular occupational group. 

Following a code of ethics can produce four key benefits for the individ- 
ual, the profession, and society: improve ethical decision-making, provide high 
standards of practice and ethical behavior, engender trust and respect from the 
general public, and provide an evaluation benchmark the professional can use 
as a means of self-assessment. 


Principle: 


The use of technology requires balancing the needs of those who use the 
information that is collected against the rights of those whose information 
is being used. 

Organizations want systems to collect and store basic information about 
customers to serve them better. However, many people object to the data col- 
lection policies on the grounds they strip individuals of the power to control 
their own personal information. A combination of new laws, technical solu- 
tions, and privacy policies is needed to balance the scales. 

Fair information practices is a term for a set of guidelines that govern the 
collection and use of data. Nor is there an established advisory agency that 
recommends acceptable privacy practices to businesses. 

The General Data Protection Regulation (GDPR) is a set of privacy require- 
ments that apply across the European Union including non-EU organizations 
that market to or process information of individuals in the European Union. 

The United States has no single, overarching national data privacy policy. 

Three subject areas where federal statutes have been implemented to pro- 
tect the personal data of U.S. citizens are financial data, health information, 
and children’s personal data. 

The Fair Credit Reporting Act, Right to Financial Privacy Act, and Fair and 
Accurate Credit Transactions Act are three U.S. federal statutes aimed at pro- 
tecting individuals’ financial data. 

The Health Insurance Portability and Accountability Act and American 
Recovery and Reinvestment Act are two U.S. federal statutes aimed at protect- 
ing individuals’ health care data. 

The Family Educational Rights and Privacy Act and the Children’s Online 
Privacy Protection Act are two U.S. federal statutes aimed at protecting chil- 
dren’s data. 

Four steps individuals can take to protect their personal privacy include: (1) 
find out what is stored about you in existing databases, (2) be careful when you 
share information about yourself, (3) be proactive in protecting your privacy, 
and (4) take extra care when purchasing anything from a Web site. 

U.S. federal statutes protect citizens from government surveillance while at 
the same time authorize the government to collect data. 

The scope of government surveillance has expanded from collecting data 
on as few people as possible to collecting as much data on as many people as 
possible. 
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The federal government has implemented many laws addressing personal 
privacy; however, data-collection programs have raised concerns and debate 
between those who favor data collection as a means to increased security and 
those who view such programs as a violation of their rights. 

Information technology has provided amazing new ways for people to 
communicate with others around the world, but with these new methods come 
new responsibilities and new ethical dilemmas related to freedom of expres- 
sion, control of access to information on the Internet, anonymity, hate speech, 
pornography, and fake news. 

The First Amendment and anonymous expression safeguard our freedom 
of speech. 

The First Amendment protects Americans’ rights to freedom of religion, 
freedom of expression, and freedom to assemble peaceably. 

Anonymous expression is the expression of opinions by people who do 
not reveal their identity. The freedom to express an opinion without fear of 
reprisal is an important right of a democratic society. 

Section 230 of the Communications Decency Act and the Children’s Online 
Privacy Protection Act have a major impact on the operation of Internet service 
providers. 

Section 230 of the Communications Decency Act provides immunity to an 
Internet service provider that publishes user-generated content, provided its 
actions do not rise to the level of a content provider. 

The Children’s Online Privacy Protection Act requires that any Web site 
that caters to children must offer comprehensive privacy policies, notify par- 
ents or guardians about its data collection practices, and receive parental con- 
sent before collecting any personal information from children under 13 years 
of age. 

To help parents control what their children see on the Internet, some com- 
panies provide filtering software to help screen Internet content. 

Schools and libraries that fail to comply with the Children’s Internet 
Protection Act would no longer be eligible to receive federal money through 
the E-Rate program, which provides funding to help pay for the cost of Internet 
connections. 

Internet censorship is the control or suppression of the publishing or 
accessing of information on the Internet. Speech on the Internet requires a 
series of intermediaries to reach its audience with each intermediary vulner- 
able to some degree to pressure from those who want to silence the speaker. 
Internet censorship in China is perhaps the most rigorous in the world. 

The freedom to express an opinion without fear of reprisal is an important 
right of a democratic society. The use of anonymous remailers helps keep com- 
munication anonymous; whether what is communicated, whether it is ethical or 
legal, is up to the sender. 

The right to freedom of expression is restricted when the expressions are 
untrue and cause harm to another person such as with defamation or hate 
speech. 

A business should develop a clear and thorough policy about privacy rights 
for customers, including database access. That policy should also address the 
rights of employees, including electronic monitoring systems and email. 


Software developers must make trade-offs between project schedules, 
project costs, system reliability, and software quality. 

High-quality systems are easy to learn and use because they perform 
quickly and efficiently; they meet their users’ needs; and they operate safely 
and reliably so that system downtime is kept to a minimum. 

A software defect is any error that, if not removed, could cause a soft- 
ware system to fail to meet its users’ needs or provide an open door for a 
cyberattack. 
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A safety-critical system is one whose failure may cause human injury or 
death. 

There are three reasons why the process of building software for safety 
critical systems takes much longer and is much more expensive than for high 
quality systems: (1) it requires highly trained and experienced professionals 
who work closely with safety and systems engineers to ensure that the entire 
system operates in a safe manner; (2) extreme measures must be taken to iden- 
tify and remove software defects starting at the earliest stages of software devel- 
opment; and (3) a great deal of effort must be spent identifying what can go 
wrong, the likelihood and consequences of such occurrences, and identifying 
how these risks can be averted, mitigated, or detected so users can be warned. 

Two key issues software developers face when developing safety-critical 
systems are (1) how to weigh cost and ease of use issues versus safety and 
product appeal and (2) how to decide when sufficient software testing has 


been done. 

Key Terms 
American Recovery and Reinvestment Act Title XIII hate speech 
anonymous expression Health Insurance Portability and Accountability Act 
Children’s Online Privacy Protection Act (COPPA) (HIPAA) 
Defamation high-quality software systems 
ethics Internet censorship 
Fair and Accurate Credit Transactions Act Internet filter 
Fair Credit Reporting Act problem statement 
fair information practices professional code of ethics 
fake news Right to Financial Privacy Act 
Family Educational Rights and Privacy Act (FERPA) safety-critical system 
First Amendment Section 230 of the CDA 
Fourth Amendment software defect 


General Data Protection Regulation (GDPR) 


Self-Assessment Test 


An ethical decision-making process and a code of c. The employees’ tendency to act in a manner 
ethics can guide you as you confront the many ethical that seems ethical to them will be suppressed 
dilemmas associated with information systems. and instead they will act in a manner that will 
protect them from punishment. 
1. Acting in an ethical manner and acting in a legal d. The value of its stock and how consumers 
manner will always lead to the same actions. regard its products and services will be 
True or False? improved. 
2. is not a benefit of promoting 3. The step in the ethical decision- 
a work environment in which employees are making process is considered the most critical. 
encouraged to act ethically. a. develop a problem statement 
a. The organization will find it easier to recruit b. identify alternatives 
and retain top job candidates. c. choose alternative 
b. Employees will act in a consistent manner so d. implement the decision 
that stakeholders can know what to expect of 4. The primary intent of a code of ethics is to 
the organization. define desired behavior. True or False? 
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5. The fact that is not a benefit that 
can be expected from following a professional 
code of ethics. 

a. peers of a professional can use the code for 
recognition or censure 

b. adherence to a code of ethics enhances trust 
and respect for professionals and their 
profession 

c. a code can provide an answer to every ethical 
dilemma 

d. a code of ethics provides an evaluation 
benchmark that a professional can use as a 
means of self-assessment 


The use of technology requires balancing the needs 
of those who use the information that is collected 
against the rights of those whose information is 
being used. 


6. A key difference between the U.S. and EU fair 
information practices is that 5 
a. although numerous laws have been imple- 
mented over time, no single overarching 
national data privacy policy has been devel- 
oped in the United States 

b. U.S. federal statutes impose substantial mone- 
tary fines for data abuses by corporations 

c. the GDPR does not place obligations on 
organizations to obtain the consent of people 
they collect information about and to better 
manage this data 

d. in the United States, organizations found to 
be in violation of fair data practices are sub- 
ject to fines of up to 2 percent of their global 
revenue 

7. Three subject areas where federal statutes have 
been implemented to protect the personal 
data of U.S. citizens include financial data, 
children’s personal data, and 
information. 

8. One means of ensuring that you are interacting 
with a secure Web site is to look for a Web 
address beginning with https. True or False? 

9. There is a concern by some people who belong 
to a particular ethnic, religious, or social 
group that surveillance data collected by the 
government could be used to identify and target 
them and their associates. True or False? 

10. The NSA is required to obtain permission from 
the Foreign Intelligence Surveillance Court 
(FISC) to access the telephone metadata records 
of U.S. citizens, which are now held by telecom- 
munication companies rather than by the 
government. True or False? 

11. The right to freedom of expression is one of 
the most important rights for free people in the 


12. 


13. 


United States. The was adopted 

to guarantee this right and others. 

a. Bill of Rights 

b. First Amendment 

c. Fourth Amendment 

d. Constitution 

Which of the following statements about 

any website that caters to children is not 

true? 

a. It must offer comprehensive privacy policies. 

b. It must notify parents or guardians about its 
data collection practices. 

c. It must receive parental consent before 
collecting any personal information from 
children under 13 years of age. 

d. It must request birth date and a confirming 
social security number. 

Act was written to protect chil- 

dren from pornography on the Internet but was 

ruled unconstitutional. 

The Telecommunications 

Section 230 of the Communications Decency 

Much of the Communications Decency 

The Children’s Internet Protection 


Lng 


Software developers must make trade-offs between 
project schedules, project costs, system reliability, 
and software quality. 


14. 


15: 


16. 


Safety-critical systems are easy to learn and use 
because they perform quickly and efficiently, 
they meet their users’ needs, and they operate 
safely and reliably. True or False? 
The process of building software for safety- 
critical systems takes much longer and is much 
more expensive because 
a. they are usually being built for the 
government and there is much red tape 
and delays 
b. they usually involve either aircraft or auto- 
mobiles and must meet additional imposed 
by the National Transportation and Safety 
Board 
c. extreme measures must be taken to identify 
and remove defects starting at the very 
earliest stages of software development 
d. the software must be written in machine 
or assembly programming languages which 
are extremely tedious and time consuming 
to use 
The builders of safety-critical systems must 
determine when they have completed sufficient 
testing and sign off their approval to release 
the product. This is typically an easy and 
straight-forward decision. True or False? 
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Self-Assessment Answers 


ANAWRWN 


False 


Review and Discussion Questions 


Explain the difference between ethical and legal. 
Fostering good business practices and protecting 
the organization and its employees from legal 
action are two reasons for an organization to 
promote a work environment in which employees 
are encouraged to act ethically. True or False. 

List the steps within the ethical decision-making 
process. 


. What are the two key elements of an organiza- 


tion’s code of ethics? 

Following a professional code of ethics can 
improve ethical decision making. True or False? 
Summarize the differences between U.S. and EU 
fair information practices. 

Identify three subject areas where federal 
statutes have been implemented to protect the 
personal data of U.S. citizens. 

What are four steps you can take to protect your 
personal privacy? 

Discuss the tradeoffs between information 
security and privacy. 


10. 


Discuss why it is said that U.S. federal statutes 
protect citizens from government surveillance 
but at the same time authorize the government 
to collect such data. 


. What are the key points of the First Amendment 


in terms of protecting our freedom of speech? 
Describe how Section 230 of the 
Communications Decency Act protects social 
media networks. 


. What measures are social media networks 


taking to address defamation, hate speech, and 
pornography on the Internet? 


. What are the differences between a high-quality 


software system and a safety-critical system? 
Identify three measures taken during the devel- 
opment of a safety-critical system that cause 
such systems to cost more and take longer to 
complete. 

Identify two ethical dilemmas that software 
developers face when building high-quality or 
safety-critical systems. 


Business-Driven Decision-Making Exercises 


1. 


2. 


You are a member of the HR organization of a 
large consumer goods manufacturing company. 
Over lunch one day, a friend of yours who works 
in the warehouse mentions that video surveil- 
lance cameras have been installed in an attempt 
to cut down on rampant theft of finished prod- 
ucts. You are surprised when your friend tells 
you that the warehouse workers are unaware 
and uninformed that cameras were installed. 
Does this constitute a potential violation of the 
employees’ Fourth Amendment rights? What 
action should you take? 

You are a new hire at a large software firm and 
have been working overtime for the last two 


months trying to complete the final testing of a 
new software release for the firm’s flagship prod- 
uct, which is used by thousands of organizations 
worldwide. Unfortunately, the software has many 
bugs and testing has taken weeks longer than 
expected. This afternoon your boss stopped by 
and asked you to “sign off” on the completion of 
your portion of the testing. He explains that the 
project has gone over budget and is in danger of 
missing the committed release date for customers. 
When you object because you feel the software 
is still buggy, he says not to worry and that what- 
ever bugs remain will be fixed in the next release 
of the software. What do you do? 
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Teamwork and Collaboration Activities 


1. Organizational network analysis is a method for 
studying communication among individuals. Read 
the article: Making the Invisible Visible: SNA of 
the NSA by Joseph A.E. Shaheen at bitps:/Avww 
Jjosephshaheen.com/nsa-sna-xkeyscore/3 70. The 
NSA uses the techniques described there to ana- 
lyze communications among individuals. Use 
graphics software to create an organizational 
network analysis that depicts the email and text 
communications of the members of your team for 
a week. If someone were to study this network 


analysis, what conclusions might they draw about 
the members of your team? 

2. You and your team members are setting up a 
Web site that offers coloring books and art sup- 
plies to young children in the 4-13 age range. 
Develop a list of actions needed to ensure that 
your Web site does not violate the Children’s 
Online Privacy Protection Act. Your Web site will 
process orders placed using PayPal and major 
credit cards. Draft an appropriate Web site pri- 
vacy policy using one of the online templates. 


Career Exercises 


1. It is the year 2026 and you are one of five 
Gotham City council members. Violent crime has 
been a serious problem in your city for decades 
with more than 650 homicides/year. The city is 
considering spending $45 million to implement 
a new Domain Awareness surveillance system to 
cover the three community areas with the high- 
est homicide rate—all with over 125 homicides 
per 100,000 residents. 

The Domain Awareness surveillance system 
includes 1,000 state-of-the-art surveillance cam- 
eras equipped with gunshot detection devices 
that can detect where a gun was fired to within 
50 feet, license plate readers, and advanced ana- 
lytic software designed to recognize suspicious 
activity or crimes in process. The surveillance 
cameras are designed to hand off to each other 
so that a suspect’s trail can be followed from one 
camera to the next. 

Although Gotham City’s annual budget 
exceeds $3 billion, the city has been running a 
deficit of over $200 million/year and a financial 


crisis is looming over a shortfall of some $300 
million in the city employee’s retirement fund. 
City council meets in two weeks to consider a 
proposal to implement the Domain Awareness 
system. 

What steps would you take to become more 
informed about the capabilities, strengths, and 
limitations of this system? What potential techni- 
cal and non-technical issues are associated with 
this system? How might the citizens of Gotham 
City react to installation of such a system? 

2. You are a member of the human resources 
group of an IT consulting firm with some three 
dozen consultants. You are considering initiating 
a program to encourage more of the consultants 
to join IT-professional organizations and to earn 
more IT-related certifications. Identify three 
business benefits of doing this. What incentives 
might you offer to the consultants to encourage 
them to join professional organizations and gain 
more certifications? What resistance might you 
expect from some of the staff? 


Æ SOCIAL AND ETHICAL ISSUES, TECHNOLOGY IN SOCIETY 


Government Employs Backdoor Searches 

The Central Intelligence Agency (CIA) conducts foreign 
covert operations, counterintelligence operations, and col- 
lects and analyzes foreign intelligence for the president and 
his staff to aid in national security decisions. The National 
Security Agency (NSA) is responsible for global monitoring, 
collection, and processing of information for foreign intelli- 
gence and counterintelligence purposes. The Federal Bureau 
of Investigation (FBI) conducts domestic counterintelligence 
and counterterrorism operations in addition to its role as 
the lead law enforcement agency in the country. 


These three agencies have implemented sophisti- 
cated programs to capture, store, and analyze electronic 
communications. The Downstream program (formerly 
called PRISM) extracts data from the servers of nine 
major American Internet companies including AOL, Apple, 
Facebook, Google, Microsoft, Paltalk, Skype, Yahoo, and 
YouTube to obtain direct access to audio, video, photo- 
graphs, emails, documents, and connection logs for each 
of these systems. The Upstream program taps into the 
infrastructure of the Internet to capture the online com- 
munications of foreigners outside the United States while 
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their communications are in transit. The leaders of the 
intelligence agencies argue that these programs are essen- 
tial to fighting terrorism. The agencies can also provide a 
dozen or more examples of how use of the data gathered 
by these programs has thwarted the efforts of terrorists 
around the world. 

The programs are authorized by Section 702 of the 
FISA Amendments Act which authorizes surveillance of any 
foreigner overseas, provided the purpose is to obtain “for- 
eign intelligence.” The Act loosely defines “foreign intelli- 
gence” to mean any information that “relates to” the conduct 
of foreign affairs. This broad definition means that the target 
being surveilled need not be a terrorist. The target needs 
only to be thought to have information that is relevant to 
the government’s foreign intelligence objective—whatever 
that may be. 

The process of gathering foreign electronic communica- 
tions necessarily means the incidental capture of many con- 
versations involving an American (who may be here in the 
United States) and a foreign target. They may well be having 
a totally innocent communication with a foreign friend, 
relative, or business partner who is not suspected of any 
wrongdoing whatsoever. The total number of Americans’ 
communications “incidentally” collected since the inception 
of Section 702 is well into the millions. 

Section 702 also allows the government to pool all the 
messages it intercepts into a giant database and then search 
the database, including conversations involving Americans— 
without a warrant. Warrantless surveillance of communi- 
cations between Americans and foreigners is known as a 
“backdoor search” because it effectively evades other pro- 
visions of United States law that require an individualized 
warrant or court order for access to such data. The agencies 
are authorized to conduct unlimited warrantless backdoor 
searches of those communications for information about 
Americans or individuals located in the United States during 
any investigation. The agencies are only required to obtain 
a warrant to view American’s data if the investigation is not 
related to national security. 

There is a rigorous process that law enforcement 
agents must go through to wiretap a phone with three key 
requirements that clearly distinguishes this method of gath- 
ering data from Downstream and Upstream. First, before 
beginning the wiretap, agents must prove to a judge that 
they have probable cause to believe that tapping a specific 
phone will help them solve serious federal crimes such as 
terrorism, money laundering, or drug trafficking. Second, 

a time limit must be defined for the wiretapping to start 
and end; it cannot go on forever. Third, the wiretapping is 
limited only to those conversations that are likely to yield 
evidence against the suspect. 


There are also major differences between the way 
Downstream and Upstream programs collect data and the 
way data is gathered under an ordinary search warrant. 
Downstream and Upstream gather all the data there is to 
be collected and create a source of data that can be queried 
to find evidence of a crime. If a police department obtains 
a search warrant to search a house for illegal drugs, agents 
can lawfully enter the house and search every room. But 
after finding (or failing to find) the drugs, they cannot then 
go rummaging through file cabinets for evidence of sex- 
trafficking and then seize computers to search for evidence 
of tax evasion, even though the officers are lawfully present 
in the house. They must get a separate warrant to conduct 
each search in advance of any search. 


Critical Thinking Questions: 


1. Many people believe that the lack of evidence that 
an American is engaged in wrongdoing is hardly a 
compelling justification for a warrantless search of his 
or her communications. To the contrary: if the intelli- 
gence agencies do not have probable cause to suspect 
criminal activity, they have no business reading Amer- 
icans’ emails and listening to their phone calls. Imag- 
ine that you agree with this position, what changes do 
you feel are needed to FISA Section 702? 

2. Others believe that our intelligence agencies should 
capture all the data possible to protect us from terror- 
ists and if, while doing this, a source of data is created 
that can be used in criminal cases, so much the bet- 
ter. Imagine that you agree with this position, what 
changes do you feel are needed to FISA Section 702? 

3. Do you believe that the Downstream and Upstream 
programs are examples of tipping the scales of justice 
in favor of security over privacy? Justify your answer. 
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Principles 


The computer hardware indus- 
try is rapidly changing and 
highly competitive, creating an 
environment ripe for technologi- 
cal breakthroughs. 


Computer hardware must be 
carefully selected to meet the 
evolving needs of the organiza- 
tion and its supporting informa- 
tion systems. 


The computer hardware indus- 
try and users are implementing 
green computing designs and 

products. 


Software is valuable in helping 
individuals, workgroups, and 
entire enterprises achieve their 
goals. 


Organizations typically use off- 
the-shelf application software to 
meet common business needs 
and proprietary application 
software to meet unique busi- 
ness needs and provide a com- 
petitive advantage. 


Learning Objectives 


Hardware and Software 


e Describe the functions of the four fundamental hardware components 


of every computer. 

Explain the difference between multiprocessing, parallel processing, 
and grid computing. 

Describe how each of the three primary classes of computers is used 
within an organization. 

Identify the three or four subclasses associated with each primary 
class of computer. 

Identify three primary features that distinguish tier 1, 2, 3, and 4 data 
centers. 


State the three primary goals of the “green computing” program. 


List the two basic kinds of software and their associated subclasses. 
Describe the role of the operating system. 
State three cost savings benefits associated with server virtualization. 


Describe how the service-oriented architecture approach is used to 
build software and microservices. 


Identify three advantages of off-the-shelf versus proprietary software. 
State four key advantages of the software as a service model. 


Give an example of how application software is used in the personal, 
workgroup, and enterprise sphere of influence. 


Identify five tasks for which programming languages are commonly used. 


Identify the three primary types of end-user license agreements. 


Compare open-source software to licensed software in terms of how 
each is used and supported. 


GaudiLab/Shutterstock.com 


IS in Action 


Pixar Streamlines Key Business Process 


Æ SYSTEMS AND PROCESSES 


Pixar is a computer animation film studio that began in 1979 as the Graphics Group. Now, 
it is part of the Lucasfilm computer division. Initially Pixar was a hardware computer firm 
developing high-end image processing devices. After he was ousted from Apple in 1985, 
Apple co-founder Steve Jobs purchased Pixar and began producing animated short features 
to demonstrate the power of its hardware. However, the hardware company was not prof- 
itable and so Pixar began doing more animated projects. Pixar made a deal with Disney 
to produce the first feature film entirely in computer-generated imagery (CGD—Toy Story. 
Based on the success of this film, Jobs was able to take Pixar public. Disney eventually 
purchased Pixar in 2006 in a stock deal valued at $7.4 billion. 

A typical Pixar animation takes four to five years to complete. Pixar employees collabo- 
rate on their films as a team in a design process that involves the routine ongoing exchange 
of digital design products between designers and animators. They employ RenderMan, Pixar’s 
own image-rendering application programming interface, to generate high-quality images. 

Pixar’s proprietary animation software is used to create three-dimensional computer 
models of characters, props, and sets. These initial models have no surface color or texture— 
just the lines and outlines of the individual cubes, blocks, and spheres that have been used to 
construct it. These initial models are called the wireframe. The models are then given avars 
or hinges which the animator uses to make the object or character move. (Woody from Toy 
Story has 100 avars in his face alone.) Next, shadows, lighting, animation, colors, and textures 
must be added in order to create life-like images on a screen. Finally, powerful computers 
are used to assemble all the digital information that the animators have created into a single 
frame of film. Pixar’s RenderMan software draws the finished image by computing every pixel 
of the image from the model, shadows, lighting, animation, colors, and texture data stored in 
various files to create life-like images. If the director decides a set of frames does not produce 
the desired visual effects, Pixar team members repeat some of these steps. 

The time it takes to render one frame depends on the complexity of the scene and 
the speed of the computer doing the rendering. Monster’s University is a 110-minute 
movie released in 2013. Pixar-animated films are produced at a frame rate of 24 frames 
per second, so this film required the rendering of over 150,000 individual frames. With 
the technology available at the time, it took over two years of processing time to complete 
the rendering process. 

Pixar built what it calls a render farm—a large data-processing center filled with 
over 2,000 multicore processors and a data storage capacity exceeding 100 terabytes—in 
order to reduce the rendering bottleneck. This enables Pixar to turn out films faster, thus 
accelerating cash flow—Pixar full length films generate an average of over $600 million 
in worldwide revenue. Another factor to consider is the value of the artist’s time—skilled 
artists can cost studios $2,500 a day. Creative directors must assure that these expensive 
resources are kept creating art forms for 3D animation movies, commercials, and special 
effects and are not sitting around idle while waiting around for their images to finish 
rendering. 

The information systems operations group must understand the creative process 
as well as the technology that powers the rendering. This understanding is needed so 
they can predict demand for the render farm and maintain a high throughput of ren- 
der jobs to meet production deadlines as well as stay within the information systems 
budget. They must be constantly upgrading the computer hardware and adjusting 
capacity to meet demand. The faster the computer, the more energy it consumes and 
the more heat it generates so the operations group must seek out the most powerful 
and energy efficient computers available and employ green computing guidelines to 
govern its choices. 
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As you read about hardware and software, consider the following: 


e What major competitive advantages can organizations gain from the effective use 
of computer hardware and software? 

e What impact do the increasing capabilities and decreasing costs of hardware over 
time have on how organizations are using information system hardware? 


Why Learn About Hardware and Software? 


Organizations invest in computer hardware and software to improve worker productivity, increase reve- 
nue, reduce costs, provide better customer service, speed up time to market, and facilitate collaboration 
among employees. Organizations that don’t make wise hardware and software investments are often 
stuck with outdated equipment that is unreliable and that cannot take advantage of the latest software 
advances. Such obsolete hardware and software can serve as an anchor to progress and can place an 
organization at a competitive disadvantage. On the other hand, state-of-the-art hardware and software 
enable enhanced network and data security, increase productivity, improve employee morale, lower costs, 
and enable the organization to remain competitive. 

McDonald's is spending $6 billion to upgrade its U.S. stores with much of that going toward enhanc- 
ing the customer experience with digital self-order kiosks that make ordering and paying for a meal 
easier. Home Depot is adding 1,000 tech professionals as part of an $11 billion, three-year plan to build 
some of the most advanced software anywhere to help customers shop whenever, wherever, and however 
they want. Auto manufacturers are competing to put the most advanced navigation, entertainment, and 
self-driving software packages in their new models. 

Managers, no matter what their career field and educational background, are expected to help define 
the business needs that hardware and software must support. In addition, managers must be able to 
ask relevant questions and evaluate options when considering hardware and software investments for 
their areas of the business. This need is especially true in small organizations, which might not employ 
information system specialists. Managers in marketing, sales, and human resources often help IS special- 
ists assess opportunities to apply computer hardware and software. They help evaluate the options and 
features specified for the software. Managers in finance and accounting must keep an eye on the bottom 
line—guarding against overspending—yet be willing to invest in computer hardware and software when 
and where business conditions warrant it. 


Anatomy of a Computer 


The four fundamental computer system hardware components include the 
processor (also known as the CPU), memory, buses, and input/output devices 
as shown in Figure 4.1. Each component has a key role to play. 


Basic anatomy of a computer 
Computer hardware components 
include the central processing unit 
or cpu, memory, bus, and input/ 
output devices. 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


core: Receives instructions and 
performs calculations, or actions, 
based on those instructions. 


memory: A component of the 
computer that provides the processor 
with a working storage area to hold 
program instructions and data. 


bus: A set of electronic circuits used 
to route data and instructions to and 
from the various components of a 
computer. 


input/output devices: A computer 
component that provides data and 
instructions to the computer and 
receives results from it. 
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The core of a computer receives instructions and performs calculations, or 
actions, based on those instructions. The processor known as the central pro- 
cessing unit or CPU is capable of executing millions of instructions per second. 

Memory provides the processor with a working storage area to hold pro- 
gram instructions and data. It rapidly provides data and instructions to the pro- 
cessor. Memory storage is frequently measured in units of gigabytes or billions 
of bytes of data. Each byte is capable of representing one character of data. 

Data and instructions are routed to and from the various components over 
the bus, a set of electronic circuits. The bus speed determines the speed at 
which data is transferred between all the hardware components in the com- 
puter. If the computer has a slow bus, the processor has to wait to receive 
instructions, which makes the computer run slower. 

Input/output devices provide data and instructions to the computer and 
receive results from it. 

The components of the computer work together to complete the instruc- 
tions (e.g., multiply, divide, add, subtract, compare) of a computer program to 
accomplish the goals of the user (e.g., send/receive email, develop a profit fore- 
cast, pay an invoice). Completing an instruction involves two phases (instruc- 
tion or I-Time, and execution or E-Time), which are broken down into the 
following four steps (see Figure 4.2): 


Instruction phase: 


e Fetch instruction. The computer reads the next program instruction to 
be executed—along with any necessary data—into the processor. The 
instruction and data are typically held in a storage register. 

e Decode instruction. The instruction is decoded and passed to the 
appropriate processor execution unit. 


Execution phase: 


e Execute instruction. The computer executes the instruction by mak- 
ing an arithmetic computation, logical comparison, bit shift, or vector 
operation. 

e Store results. The results are stored in temporary storage locations 
called registers or in memory. 


Processing device 


Control unit ALU 
(2) Decode (3) Execute 


(1) Fetch 


Registers 


Execution of an instruction 

(1) In the instruction phase, a program's instructions and any necessary data are read into 
the processor. (2) The instruction is then decoded by the control unit of the cpu so that the 
central processor can understand what to do. (3) In the execution phase, the arithmetic and 
logic unit (alu) component of the cpu does what it is instructed to do, making either an arith- 
metic computation or a logical comparison. (4) The results are then stored in the registers or 
in memory. The instruction and execution phases together make up one machine cycle. 
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multicore processor: A processor 
that has two or more independent 
processing units, called cores, that are 
capable of sequencing and executing 
instructions. 


clock speed: A series of electronic 
pulses produced at a predetermined 
rate that affects machine cycle time. 


gigahertz (GHz): A unit of 
frequency that is equal to one billion 
cycles per second; a measure of clock 
speed. 


integrated circuit (IC): A set of 
electronic circuits on one small piece 
of semiconductor material, normally 

silicon. 


semiconductor fabrication 
plant: A factory where integrated 
circuits are manufactured; also called a 
fab or a foundry. 


Processor 


A multicore processor has two or more independent processing units, called 
cores, that are capable of sequencing and executing instructions. A processor 
with two cores is called a dual-core processor and one with four cores is called 
a quad-core processor. Personal computer processors are available with two, 
four, six, and eight cores. The more cores a processor has, the more sets of 
instructions the processor can receive and process at the same time enabling 
it to complete more work per unit of time. 

Each processor produces a series of electronic pulses at a predetermined 
rate, called the clock speed, which governs the speed at which these steps 
are completed. Clock speed is measured in gigahertz (GHz), which is a unit 
of frequency that is equal to one billion cycles per second. Most of today’s 
personal computers operate in the 1-4 GHz range. The higher the clock speed, 
the shorter the interval between pulses and the faster instructions can be 
completed. 

Unfortunately, the faster the clock speed of the processor, the more heat 
the processor generates. This heat must be dissipated to avoid corrupting 
the data and instructions the computer is trying to process. Thus, processors 
that run at higher temperatures need bigger heat sinks (a device or sub- 
stance for absorbing excessive heat), fans, and other components to elim- 
inate the excess heat. This increases the size and weight of the computing 
device. 


Manufacturing Processors 

An integrated circuit (IC)—or chip—is a set of electronic circuits on one small 
piece of semiconductor material, normally silicon. ICs can be made extremely 
small with up to several billion electronic components packed into an area the 
size of a fingernail. Processors and memory chips are examples of integrated 
circuits. 

A semiconductor fabrication plant (also called a fab or foundry) is a 
factory where integrated circuits are manufactured. Extreme ultraviolet lithog- 
raphy (EUVL) is a highly complex process used in manufacturing computer 
chips with feature sizes that are extremely small—measured in nanometers 
(nm) or billionths of a meter. EUVL involves directing a laser beam at xeon 
gas to heat it up and eject electrons to etch the tiny components of the chip. 
The entire process must occur in a vacuum. Intel is able to create chips with 
features that measure as small as 10 nm across. AMD is expected to achieve 
7 nm lithography, a form of printing, by 2020. For perspective, a molecule of 
water is about 0.5 nm across. 

Intel, Samsung, and STMicroelectronics design and manufacture their chips 
in their own fab plants. Some organizations operate a semiconductor fab for the 
purpose of fabricating the designs of other companies. Such organizations are 
known as foundry companies. Apple, Qualcomm, Nvidia, and AMD are exam- 
ples of fabless manufacturers; they outsource their manufacturing to foundry 
companies who fabricate the design. 

Fabs are extremely expensive to set up and require many expensive devices 
to function. Intel plans to complete the Intel Fab 42 semiconductor factory in 
Chandler, Arizona at a cost of more than $7 billion by 2021. When fully opera- 
tional, the factory will employ about 3,000 process engineers, equipment tech- 
nicians, and facilities-support engineers and technicians. The fab will produce 
advanced 7 nanometer chips.' 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


multiprocessing: The 
simultaneous execution of two or more 
instructions at the same time. 


coprocessor: The part of the 
computer that speeds processing by 
executing specific types of instructions 
while the CPU works on another 
processing activity. 


parallel processing: The 
simultaneous execution of the same 
task on multiple processors to obtain 
results faster. 


massively parallel processing 
systems: A system that speeds 
processing by linking hundreds or 
thousands of processors to operate at 
the same time, or in parallel, with each 
processor having its own bus, memory, 
disks, copy of the operating system, 
and applications. 


grid computing: The use of a 
collection of computers, often owned 
by multiple individuals or organizations, 
that work in a coordinated manner to 
solve a common problem. 
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Multiprocessing 

Multiprocessing involves the simultaneous execution of two or more instruc- 
tions at the same time. One form of multiprocessing uses coprocessors. A 
coprocessor speeds processing by executing specific types of instructions 
while the CPU works on another processing activity. Coprocessors can be 
internal or external to the CPU and can have different clock speeds than the 
CPU. Each type of coprocessor performs a specific function. For example, a 
math coprocessor chip speeds mathematical calculations, while a graphics 
coprocessor chip decreases the time it takes to manipulate graphics. 

The first computer processor was the Intel 4004 with a single 740 kHz pro- 
cessor capable of processing roughly 92,000 instructions per second. Today’s 
processors are multicore GHz processors capable of processing over 100 billion 
instructions per second. All computers are multicore processors these days; 
even the iPhone 4s has two cores. 


Parallel Processing 


Parallel processing is the simultaneous execution of the same task on multi- 
ple processors to obtain results more quickly. Systems with thousands of such 
processors are known as massively parallel processing systems, a form of 
multiprocessing that speeds processing by linking hundreds or even thousands 
of processors to operate at the same time, or in parallel, with each processor 
having its own bus, memory, disks, copy of the operating system, and appli- 
cations. The processors might communicate with one another to coordinate 
when executing a computer program, or they might run independently of one 
another under the direction of another processor that distributes the work to 
the various processors and collects their results. 

The most frequent uses for parallel processing include modelling, simula- 
tion, and analyzing large amounts of data. For example, parallel processing is 
used in medicine to develop new imaging systems that complete ultrasound 
scans in less time and with greater accuracy, enabling doctors to provide better, 
more timely diagnoses to patients. Instead of building physical models of new 
products, engineers can create virtual models and use parallel computing to 
test how the products work and then change design elements and materials 
as needed. 

Over the past quarter century, scientists have made rapid progress in 
using DNA, the molecule of life, to perform computer-like computations 
within living cells. DNA molecules can take on an astronomical number of 
potential sequences providing the opportunity to perform many computa- 
tional operations at the same time. In the future, DNA computing may be 
capable of working inside living cells and combining with their existing 
biochemistry to provide new methods of disease detection and treatment 
possible. 

Grid computing is the use of a collection of computers, often owned by 
multiple individuals or organizations, that work in a coordinated manner to 
solve a common problem. Grid computing is a low-cost approach to paral- 
lel processing. The grid can include dozens, hundreds, or even thousands of 
computers that run collectively to solve extremely large processing problems. 
Key to the success of grid computing is a central server that acts as the grid 
leader and traffic monitor. This controlling server divides the computing task 
into subtasks and assigns the work to computers on the grid that have (at 
least temporarily) surplus processing power. The central server also monitors 
the processing, and if a member of the grid fails to complete a subtask, the 
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main memory: The component of 
a computer that provides the CPU with 
a working storage area for program 
instructions and data. 


byte (B): Eight bits that together 
represent a single character of data. 


random access memory 
(RAM): A form of memory in which 
instructions or data can be temporarily 
stored. 


server restarts or reassigns the task. When all the subtasks are completed, the 
controlling server combines the results and advances to the next task until the 
whole job is completed. 

Some 650,000 individuals and 460 organizations have donated their com- 
puting device’s unused capacity to the World Community Grid to support 
over two dozen research projects related to health, poverty, and sustainability. 
These include such projects as identifying new drug candidates to combat the 
childhood cancer neuroblastoma, discovering innovative ways to provide clean 
water to millions, and finding novel materials for capturing solar power more 
efficiently. Donors choose a research area of interest to them, download and 
install a toolkit called BOINC, and join the thousands of volunteers allowing 
their device to perform research calculations when it would otherwise be idle, 
thus helping scientists get results in months instead of decades.* 


Main Memory 


Main memory provides the CPU with a working storage area for program 
instructions and data. The chief function of memory is to rapidly provide data 
and instructions to the CPU. In order for their systems to run efficiently, orga- 
nizations must invest in a sufficient amount of main memory. Organizations 
also need large amounts of secondary storage to hold the huge quantities of 
data that cannot fit within the limits of main memory. 

Like the CPU, memory devices contain thousands of circuits imprinted on 
silicon chips. Each circuit is either conducting electrical current (on) or not 
conducting current (off). Data is stored in memory as a combination of on or 
off circuit states. Usually, 8 bits are used to represent a character, such as the 
letter A. Eight bits together form a byte (B). In most cases, storage capacity is 
measured in bytes, with 1 byte equivalent to one character of data. The con- 
tents of the Library of Congress, with over 126 million items and 530 miles of 
bookshelves, would require about 20 petabytes of digital storage. Table 4.1 lists 
units for measuring computer storage. 


TABLE 4.1 Computer storage units 


Name Abbreviation Number of Bytes 
Byte B 1 

Kilobyte KB 1,000 
Megabyte MB 1,000? 
Gigabyte GB 1,000° 
Terabyte TB 1,000* 
Petabyte PB 1,000° 
Exabyte EB 1,000° 
Zettabyte ZB 1,000’ 
Yottabyte YB 1,000° 


RAM and Cache 


Computer memory can take several forms. Instructions or data can be tempo- 
rarily stored in and read from random access memory (RAM). As currently 
designed, RAM chips are volatile storage devices, meaning they lose their 
contents if the current is turned off or disrupted, which can be caused by a 
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cache memory: A type of high- 
speed memory that a processor 
can access more rapidly than main 
memory. 


read-only memory (ROM): A 
nonvolatile form of memory. 
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power surge, a brownout, or electrical noise generated by lightning or nearby 
machines. RAM chips are mounted directly on the computer’s main circuit 
board or in other chips mounted on peripheral cards that plug into the main 
circuit board. These RAM chips consist of millions of switches that are sensitive 
to changes in electric current. 

RAM comes in many varieties: Static random access memory (SRAM) is 
byte-addressable storage used for high-speed registers and caches; dynamic 
random access memory (DRAM) is byte-addressable storage used for the 
main memory in a computer; and double data rate synchronous dynamic 
random access memory (DDR SDRAM) is an improved form of DRAM that 
effectively doubles the rate at which data can be moved in and out of main 
memory. DDR has been superseded by second-, third-, and fourth-generation 
DDR called DDR2, DDR3, and DDR4, respectively. DDR3 requires 1.5 volts 
of electrical power to operate, while DDR4 needs just 1.2 volts. DDR4 also 
supports a deep power-down mode, which allows the host device to go into 
standby without needing to refresh its memory—reducing standby power 
consumption by up to 50 percent. Thus, DDR4 reduces the energy required 
to run portable devices and servers. This means longer battery life for por- 
table computer users and lower electric bills for organizations that operate 
server farms.° 

Although microprocessor speed has roughly doubled every 24 months over 
the past several decades, memory performance has not kept pace. In effect, 
memory has become the principal bottleneck to system performance. Cache 
memory is a type of high-speed memory that a processor can access more 
rapidly than main memory to help ease this bottleneck. Frequently used data 
is stored in easily accessible cache memory instead of slower memory, such as 
RAM. Because cache memory holds less data, the CPU can access the desired 
data and instructions more quickly than when selecting from the larger set in 
primary storage. Thus, the CPU can execute instructions faster, improving the 
overall performance of the computer system. Cache memory is available in 
three forms. The level 1 (L1) cache is on the CPU chip. The level 2 (L2) cache 
memory can be accessed by the CPU over a high-speed dedicated interface. 
The latest processors go a step further, placing the L2 cache directly on the 
CPU chip itself and providing high-speed support for a tertiary level 3 (L3) 
external cache. 

Read-only memory (ROM), another type of memory, is nonvolatile, mean- 
ing that its contents are not lost if the power is turned off or interrupted. ROM 
provides permanent storage for data and instructions that do not change, such 
as programs and data from the computer manufacturer, including the instruc- 
tions that tell the computer how to start up when power is turned on. ROM 
memory also comes in a couple varieties. Programmable read-only memory 
(PROM) is used to hold data and instructions that can never be changed. Elec- 
trically erasable programmable read-only memory (EEPROM) is user-modifiable 
read-only memory that can be erased and reprogrammed repeatedly through 
the application of higher-than-normal electrical voltage. 


Secondary Storage 


Storing data safely and effectively is critical to an organization’s success. Driven 
by many factors—such as needing to retain more data longer to meet govern- 
ment regulatory concerns, storing new forms of digital data such as audio and 
video, and keeping systems running under the onslaught of increasing volumes 
of email—the world’s information is more than doubling every two years. 
Nearly 6 zettabytes (6 X10” bytes) of information was created and stored in 
2013 alone.‘ It is mainly unstructured digital content such as video, audio, and 
image objects that is fueling this growth. 
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For most organizations, the best overall data storage solution is likely a com- 
secondary storage: A device bination of different secondary storage options that can store large amounts of 
that stores large amounts of data, data, instructions, and information more permanently than allowed with main 
instructions, and information more memory. Compared with memory, secondary storage offers the advantages of 
permanently than allowed with main as p 
MEGY. nonvolatility, greater capacity, and greater economy. On a cost-per-megabyte 

basis, secondary storage is considerably less expensive than primary memory. 
The selection of secondary storage media and devices requires understanding 
their primary characteristics: access method, capacity, and portability. 

As with other computer system components, the access methods, storage 
capacities, and portability required of secondary storage media are determined 
by the business requirements that must be met. An objective of a credit card 
company might be to rapidly retrieve stored customer data to approve con- 
sumer purchases. In this case, a fast access method is critical. In other cases, 
such as equipping the Coca-Cola field salesforce with smartphones, portability 
and ruggedness might be major considerations in selecting and using second- 
ary storage media and devices. 

In addition to cost, capacity, portability, and ruggedness, organizations 
must address security issues so that only authorized people are allowed access 
to sensitive data and critical programs. Because the data and programs kept 
on secondary storage devices are so critical to most organizations, all of these 
issues merit careful consideration. 

Secondary data storage is not directly accessible by the CPU. Instead, com- 
puters usually use input/output channels to access secondary storage and then 
transfer the desired data using intermediate areas in primary storage. The most 
common forms of secondary storage devices are magnetic, optical, and solid 
state. 


Secondary Storage Devices 
Magnetic storage uses tape or disk devices covered with a thin magnetic coat- 
magnetic tape: A type of ing that enables data to be stored as magnetic particles. Magnetic tape is a type 
sequential secondary storage medium, of secondary storage medium, which is frequently used for storing backups of 
now used primarily for storing backups critical organizational data in the event of a disaster. Examples of tape storage 
ok oritical organizational data initha devices include cassettes and cartridges measuring a few millimeters in diame- 
event of a disaster. 
ter, requiring very little storage space. Magnetic tape has been used as storage 
media since the time of the earliest computers, such as the 1951 Univac com- 
puter. Continuing advancements have kept magnetic tape as a viable storage 
medium. The High-End Computing Capability (HECC) Project at NASA offers 
scientists and engineers access to supercomputing systems services that are 
backed up by a 132-petabyte tape storage system. Many such supercomputers, 
including those deployed at the National Center for Atmospheric Research, use 
robotic tape backup systems. See Figure 4.3. 
hard disk drive (HDD): A direct A hard disk drive (HDD) is a direct access storage device used to store 
access storage device used to store and retrieve data from rapidly rotating disks coated with magnetic material. 
and retrieve data from rapidly rotating A hard disk represents bits of data with small magnetized areas and uses a 
disks coated with magnetic material. . z f : F 
read/write head to go directly to the desired piece of data. Because direct 
access allows fast data retrieval, this type of storage is used by organizations 
that need to respond quickly to customer requests, such as airlines and credit 
card firms. For example, information on the credit history of a customer or 
the seat availability on a particular flight would likely be stored on a direct 
access hard disk drive so that a customer service representative or manager 
could obtain that data in seconds. Hard disk drives vary widely in capacity and 
portability. 

Putting an organization’s data online involves a serious business risk—the 
loss of critical data can put a corporation out of business. The concern is that 
the most critical mechanical components inside a HDD storage device—the 
disk drives, the fans, and read/write heads—can fail. Thus, organizations 
now require that their data storage devices be fault tolerant, that is, they can 
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Robotic tape backup system 
The national center for atmospheric 
research uses a robotic tape 
backup system to back up a fleet 
of supercomputers that solve the 
world’s most computationally inten- 
sive climate-modeling problems. 


redundant array of 
independent/inexpensive disks 
(RAID): A method of storing data 
that generates extra bits of data from 
existing data, allowing the system to 
create a “reconstruction map” so that 
if a hard drive fails, the system can 
rebuild lost data. 


virtual tape: A storage device for 
less frequently needed data. With 
virtual tape systems, data appears to 
be stored entirely on tape cartridges, 
although some parts of it might 
actually be located on faster hard 
disks. 


solid state storage device 
(SSD): A storage device that stores 
data in memory chips rather than on 
hard disk drives or optical media. 
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U.S Department of Energy 


continue with little or no loss of performance if one or more key compo- 
nents fail. In response, disk manufacturers are continually developing new 
technologies that will improve the performance and reliability of their hard 
disk drives. 

A redundant array of independent/inexpensive disks (RAID) is a 
method of storing data that generates extra bits of data from existing data, 
allowing the system to create a “reconstruction map” so that if a hard drive 
fails, it can rebuild lost data. With this approach, data can be split and stored 
on different physical disk drives, using a technique called striping that evenly 
distributes the data. RAID technology has been applied to storage systems to 
improve system performance and reliability. 

RAID can be implemented in several ways. RAID 1 subsystems duplicate 
data on the hard drives. This process, called “disk mirroring,” provides an exact 
copy that protects users fully in the event of data loss. However, to keep com- 
plete duplicates of current backups, organizations need to double the amount 
of their storage capacity. Other RAID methods are less expensive because they 
duplicate only part of the data, allowing storage managers to minimize the 
amount of extra disk space they must purchase to protect data. 

Virtual tape is a storage technology suitable for less frequently needed 
data. With virtual tape systems, data appears to be stored entirely on tape 
cartridges, although some parts might actually be located on faster hard disks. 
The software associated with a virtual tape system is sometimes called a virtual 
tape server. Virtual tape can be used with a sophisticated storage-management 
system that moves data to slower but less costly forms of storage media as 
people use the data less often. Virtual tape technology can decrease data access 
time, lower the total cost of ownership, and reduce the amount of floor space 
consumed by tape operations. 


Solid State Secondary Storage Devices 


A solid state storage device (SSD) stores data in memory chips rather than 
on hard disk drives or optical media. These memory chips require less power 
and provide much faster data access than magnetic data storage devices. In 
addition, SSDs have no moving parts, so they are less fragile than hard disk 
drives. All these factors make the SSD a preferred choice over hard disk drives 
for portable computers. 
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A universal serial bus (USB) flash drive is one example of a commonly 
used SSD. USB flash drives are external to the computer and are removable 
and rewritable. Most weigh less than an ounce and can provide a wide range 
of storage capacity. 


Input/Output Devices 


Input and output devices are the gateways to the computer system—you use 
them to provide data and instructions to the computer and receive results from 
it. Input and output devices are part of a computer’s user interface, which 
includes other hardware devices and software that allow you to interact with 
a computer system. 

In general, businesses want input devices that let them accurately and 
rapidly enter data into a computer system, and they want output devices that 
let them produce timely results. Some organizations have very specific needs 
for input and output, requiring devices that perform specific functions. The 
more specialized the application, the more specialized the associated system 
input and output devices. 

Getting data into a computer—input—often requires transferring 
human-readable data, such as a sales order, into a computer system. 
“Human-readable data” means data that people can read and understand. The 
temperature registered on a thermometer is an example of human-readable 
data. An example of machine-readable data is the universal bar code on many 
grocery and retail items that indicates the stock-keeping identification number 
for that item. To the human eye, the universal bar code is unintelligible and 
looks like a series of vertical bars of varying thicknesses. Some data, such as 
magnetic ink on bank checks, can be read by people and machines. Usually, 
people begin the input process by organizing human-readable data and trans- 
forming it into machine-readable data. Every keystroke on a keyboard, for 
example, turns a letter symbol of a human language into a digital code that 
the machine can manipulate. 

Data entry and input devices come in many forms. They range from special- 
purpose devices that capture specific types of data to more general-purpose 
input devices. Some of the special-purpose data entry and input devices are 
discussed later in this chapter. First, we focus on devices used to enter and 
input general types of data, including text, audio, images, and video for per- 
sonal computers. 


Common Personal Computer Input Devices 

A keyboard and a computer mouse are common devices used for entry and 
input of data, such as characters, text, and basic commands. Some companies 
manufacture keyboards that are more comfortable, more easily adjusted, and 
faster to use than standard keyboards. These ergonomic keyboards, such as the 
split keyboard, are designed to help users avoid wrist and hand injuries caused 
by hours of typing. Other keyboards include touch pads, which let you enter 
sketches on the touch pad while still using keys to enter text. See Figure 4.4. 
A mouse is used to point to and click symbols, icons, menus, and commands 
on the screen. The computer takes a number of actions in response, such as 
entering data into the computer system. Many mice and keyboards are now 
wireless, helping to keep a physical desktop free from clutter. 


Optical Data Readers 


Individuals and organizations can also use a special scanning device called 
an optical data reader to scan documents. The two categories of optical data 
readers are optical mark recognition (OMR) and optical character recognition 
(OCR). OMR readers are used for tasks such as grading tests and scanning 
forms. With this technology, pencils are used to fill in bubbles or check boxes 
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Drawing pad and integrated 
keyboard 

A drawing pad and integrated 
keyboard can replace a traditional 
keyboard and mouse for input. 


radio frequency identification 
(RFID): A technology that employs 
a microchip with an antenna to 
broadcast its unique identifier and 
location to receivers. 
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on OMR paper, which is also called a “mark sense form.” OMR systems are 
used in standardized tests, including the SAT and GMAT tests, and to record 
votes in elections. 

In contrast, most OCR readers use reflected light to recognize and scan 
various machine-generated characters. With special software, OCR readers can 
also convert handwritten or typed documents into digital data. After data is 
entered, it can be shared, modified, and distributed over computer networks 
to hundreds or thousands of people. Previously, the use of OCR technology 
required a special scanner device that creates an image of the characters 
to be converted. Expensive OCR software was then required to convert that 
image into text. However, it is now possible to complete this process using 
the camera in an Android smartphone or tablet. Once the image is stored on 
the camera or tablet, you use the Google Drive app for Android to copy the 
image to Google Drive, where Google’s software and servers will do the OCR 
conversion at no cost. 


Bar-Code Scanners 


A bar-code scanner employs a laser scanner to read a bar-coded label and pass 
the data to a computer. The bar-code reader may be stationary or handheld 
to support a wide variety of uses. This form of input is used widely in-store 
checkouts and warehouse inventory control. Bar codes are also used in hos- 
pitals, where a nurse scans a patient’s wristband and then a bar code on the 
medication about to be administered to prevent medication errors. 

Several companies have created applications that convert a cell phone cam- 
era into a bar-code reader. You can scan a bar code from a print ad, packaging, 
or label to launch Web sites and buy items with a few clicks. 


Radio Frequency Identification (RFID) Devices 


Radio frequency identification (RFID) is a technology that employs a micro- 
chip with an antenna to broadcast its unique identifier and location to receiv- 
ers. The purpose of an RFID system is to transmit data by a mobile device, 
called a tag (see Figure 4.5), which is read by an RFID reader and processed 
according to the needs of a computer program. One popular application of 
RFID is to place microchips on retail items and install in-store readers that 
track the inventory on the shelves to determine when shelves should be 
restocked. The RFID tag chip includes a special form of EPROM memory that 
holds data about the item to which the tag is attached. A radio frequency 
signal can update this memory as the status of the item changes. The data 
transmitted by the tag might provide identification, location information, or 
details about the product tagged, such as date of manufacture, retail price, 
color, or date of purchase. 
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RFID tag 

An rfid tag is small compared with 
current bar-code labels used to 
identify items. 


iStock.com/albin 


Pen Input Devices 


By touching the screen with a pen input device, you can activate a com- 
mand or cause the computer to perform a task, enter handwritten notes, and 
draw objects and figures. Pen input requires special software and hardware. 
Handwriting-recognition software, for example, converts onscreen handwriting 
into text. Many tablet computers can transform handwriting into typed text and 
store the “digital ink” just the way a person writes it. People can use a pen to 
write and send email, add comments to documents, mark up presentations, 
and even hand draw charts in a document. The data can then be moved, high- 
lighted, searched, and converted into text. If perfected, this interface is likely 
to become widely used. Pen input is especially attractive to people who are 
uncomfortable using a keyboard. The success of pen input depends on how 
accurately and at what cost handwriting can be read and translated into digital 
form. 


Touch Screens 


Advances in screen technology allow display screens to function as input as 
well as output devices. By touching certain parts of a touch-sensitive screen, 
you can start a program or trigger other types of action. Touch screens can 
remove the need for a keyboard, which conserves space and increases porta- 
bility. Touch screens are frequently used at gas stations to allow customers to 
select grades of gas and request a receipt; on photocopy machines for selecting 
options; at fast-food restaurants for entering customer choices; at information 
centers for finding facts about local eating and drinking establishments; and 
at amusement parks to provide directions to patrons. They also are used in 
kiosks at airports and department stores. Touch screens are also being used 
for gathering votes in elections. 

As touch screens get smaller, the user’s fingers begin to block the infor- 
mation on the display. Nanotouch technology is being explored as a means of 
overcoming this problem. With this technology, users control the touch screen 
from its backside so that fingers do not block the display. As the user’s finger 
moves on the back of the display, a tiny graphical finger is projected onto the 
touch screen. Such displays are useful for mobile audio players that are about 
the size of a coin. 

Application developers are busy trying to find ways to take advantage 
of Apple’s 3D Touch feature, which the company introduced in the fall of 
2015 with its iPhone 6s smartphone. 3D Touch uses a pressure-sensitive touch 
screen that measures how forcefully you press down on the screen. The new 
feature adds “peek” and “pop” gestures to the tap, swipe, and pinch gestures 
with which most smartphone users are familiar. 3D Touch is designed to bring 
a new dimension of functionality to the iPhone, allowing users to both see 
and feel what a press can do. OpenTable, an online restaurant-reservation 
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and review service, has included 3D Touch features in the latest version of 
its iPhone apps. Users can 3D Touch the app’s icon to quickly view favorite 
restaurants and upcoming reservations. Within the app, users can “peek” at a 
restaurant’s details by pressing lightly on the name of the restaurant in a list 
of search results. Swiping up offers the ability to instantly see available reser- 
vation times, and pressing harder on a restaurant name “pops” a user to the 
restaurant’s full profile.’ 


Output Devices 


Computer systems provide output to decision makers at all levels of an orga- 
nization so they can solve a business problem or capitalize on a competitive 
opportunity. In addition, output from one computer system can provide input 
into another computer system. The desired form of this output might be visual, 
audio, or even digital. Whatever the output’s content or form, output devices 
are designed to provide the right information to the right person in the right 
format at the right time. 


Display Screens 

The display screen is a device used to show the output from the computer. 
Today a variety of flat-panel display screens are far lighter and thinner than 
the early cathode-ray tubes (CRTs) associated with early computers. Table 4.2 
compares types of flat-panel display screens. 


TABLE 4.2 Various types of flat-panel displays 


Type 
Liquid crystal display (LCD) 


Light-emitting diode (LED) 


Organic light-emitting diode 
(OLED) 


Plasma 


computer graphics card: A 
component of a computer that 

takes binary data from the CPU and 
translates it into an image you see on 
your display device. 


Description Noteworthy Feature 
Uses several layers of charged liquid The viewing angle tends to be worse 
crystals placed between clear plates than that of plasma displays 


that are lit from behind by a fluorescent 
light to create light and images 


An LCD display that uses light-emitting Provides better contrast and lower 

diodes (LEDs) as backlight on the energy consumption than LCDs 

screen rather than a fluorescent lamp 

Functions by exciting organic Does not employ a backlight, which 

compounds with electric current to enables improved contrast and lower 

produce bright, sharp images power consumption than LCD and LED 
LCD displays 

Uses electricity to excite gas atoms to Performs well in dark conditions but 

light up appropriate phosphors on the not as well in well-lit rooms 


screen to emit light and color 


With today’s wide selection of display screens, price and overall quality can 
vary tremendously. The quality of a screen image is largely determined by the 
number of horizontal and vertical pixels used to create it. The images shown 
on your display device are composed of a million or more pixels. Resolution is 
the total number of pixels contained in the display; the more pixels, the clearer 
and sharper the image. A common resolution is 2,040 horizontal pixels x 
1,536 vertical pixels. The size of the display monitor also affects the quality of 
the viewing. The same pixel resolution on a small screen is sharper than on a 
larger screen, where the same number of pixels is spread out over a larger area. 

The computer graphics card takes binary data from the CPU and trans- 
lates it into an image you see on your display device. It is the computer 
graphics card that controls the quality of the image and determines how many 
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graphics processing unit 
(GPU): A powerful processing chip 
that renders images on the screen 
display. 


display devices can be attached to the computer. The computer graphics card 
holds the graphics processing unit (GPU), a powerful processing chip that 
renders images on the display screen. After the computer graphics card takes 
binary data from the CPU, the GPU decides what to do with each pixel on 
the screen to create the image. As the GPU creates images, it uses RAM on 
the graphics card (called video RAM or VRAM) to store data about each pixel, 
including its color and location on the screen. One measure of a video card’s 
performance is how many complete images the card can display per second, 
which is called the frame rate. The human eye can process roughly 25 frames 
per second; however, many video games require a frame rate of at least 60 
frames per second to provide a good user experience. 

Because many users leave their computers on for hours at a time, power 
usage is an important factor when deciding which type of display to purchase. 
Although power usage varies from model to model, OLED displays are the most 
energy efficient, with LCD monitors generally consuming between 35 and 50 
percent less power than plasma screens. 

Aspect ratio and screen size describe the size of the display screen. Aspect 
ratio is the ratio of the width of the display to its height. The aspect ratio of 
width to height of 4:3 or 5:4 is good for people who use their computer to 
view or create Web pages or documents. Widescreen displays typically have an 
aspect ratio of 16:10 or 16:9 to allow improved viewing of movies and video 
games. 


Printers and Plotters 


One of the most useful and common forms of output is called hard copy, which 
is simply paper output from a printer. The two main types of printers are laser 
printers and inkjet printers, and they are available with different speeds, fea- 
tures, and capabilities. Some can be set up to accommodate paper forms, such 
as blank check forms and invoice forms. Newer printers allow businesses to 
create full-color, customized, and individualized printed output using standard 
paper and data input. Ticket-receipt printers, such as those used in restaurants, 
ATMs, and point-of-sale systems are in wide-scale use. 

The speed of a printer is typically measured by the number of pages 
printed per minute (ppm). Similar to a display screen, the quality, or res- 
olution, of a printer’s output depends on the number of dots printed per 
inch (dpi). A 600-dpi printer prints more clearly than a 300-dpi printer. 
A recurring cost of using a printer is the inkjet or laser cartridge that must be 
replaced periodically—every few thousand pages for laser printers and every 
500-900 pages for inkjet printers. 

Inkjet printers that can print 10-40 ppm for black and white output and 
5-20 ppm for color output are available for less than $175. With an initial cost 
much less than color laser printers, inkjet printers can print vivid hues and 
can produce high-quality banners, graphics, greeting cards, letters, text, and 
photo prints. 

Laser printers are generally faster than inkjet printers and can handle a 
heavier print load volume. A monochrome laser printer can print 25-45 ppm 
and cost anywhere from $150 to $700. Color laser printers can print color pages 
at a rate of 10-35 ppm and are available in a wide range of prices—from $300 
to more than $3,500 for a high-quality color laser printer. 

A number of manufacturers offer multiple-function printers that can copy, 
print (in color or black and white), fax, and scan. Such multifunctional devices 
are often used when people need to do a relatively low volume of copying, 
printing, faxing, and scanning. Typical prices for multifunction printers range 
from $100 to $500, depending on features and capabilities. Because these 
devices take the place of more than one piece of equipment, they are less 
expensive to acquire and maintain than a stand-alone fax plus a stand-alone 
printer, copier, and so on. Also, eliminating equipment that was once located 
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on a countertop or desktop clears a workspace for other work-related activities. 
As a result, such devices are popular in homes and small office settings. 

Mobile print solutions enable users to wirelessly send documents, email 
messages and attachments, presentations, and even boarding passes from any 
smartphone, tablet, or laptop to any mobile-enabled printer in the world. For 
example, PrinterOn Enterprise enables any print requests from any mobile or 
fixed device to be routed to any of over 10,000 printers worldwide that are 
configured with the PrinterOn Enterprise service. Mobile users who use the 
service only need to access a directory of PrinterOn printers and locations and 
then send an email with the attachment to be printed to the email address of 
the printer. American Airlines Admiral Club, Delta Sky Club, Embassy Suites, 
and DoubleTree by Hilton have installed PrinterOn printers at many of their 
locations. 

Plotters are a type of hard-copy output device used for general design 
work. Businesses typically use plotters to generate paper or acetate blueprints, 
schematics, and drawings of buildings or new products. Standard plot widths 
are 24 inches and 36 inches, and the length can be whatever meets the need— 
from a few inches to many feet. 


3D Printers 


3D printers have created a major breakthrough in how many items will be “man- 
ufactured.” See Figure 4.6. 3D printing technology takes a three-dimensional 
model of an object stored on a computer and sends it to a 3D printer to create 
the object using strands of a plastic filament or synthetic powder. The filament 
comes in spools of various colors and is fed through a heated extruder that 
moves in several directions to place super thin layers on top of each other. The 
stacks are then bonded together, often using ultraviolet light, to create a 3D 
object. 3D printers come with a wide range of capabilities in terms of how fast 
they can build objects and how large of an object they can build. 3D printers 
for home use typically run $1,000 and up, while commercial 3D printers can 
cost tens of thousands of dollars. 


oe 


3D printer 

3D print technology is making it 
possible to print objects ranging 
from everyday objects to houses. 


Kyrylo Glivin/Shutterstock.com 


3D printing is commonly used by aerospace firms, auto manufacturers, 
and other design-intensive companies. It is especially valuable during the con- 
ceptual stage of engineering design when the exact dimensions and material 
strength of the prototype are not critical. Some architectural design firms are 
using 3D printers to create full-color models of their projects to show clients. 
Cincinnati Children’s Hospital uses 3D printing to create models of patients’ 
hearts so that physicians can plan their surgery.’ 
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The automotive, electronics, and toy industries are early adopters of 
using 3D printing to improve upon traditional manufacturing processes. Ford 
Motor Company uses 3D printing to design the new engine cover of its next- 
generation Mustang. Following traditional methods, an engineer would first 
create a computer model and then wait for about four months for a prototype 
to be produced, at a cost of $500,000. Using 3D printing, Ford can print the 
prototype in just four days at a cost of only $3,000.° 
3D printing can cut costs and reduce the waste and carbon footprint associ- 
ated with traditional manufacturing. With 3D printing, production and assembly 
can be local, with no need to ship products thousands of miles to their desti- 
nation. Only the raw materials needed to create the object—be it carbon fiber, 
metal powder, plastic filament, or some other substance—are used. Product 
parts can be replaced using parts manufactured with 3D printing so the entire 
product doesn’t have to be disposed of and replaced each time it malfunctions. 
bioprinting: The use of 3D printers Biomedical engineers are exploring a process called bioprinting, which 
to build human parts and organs from uses 3D printers to build human parts and organs from actual human cells. For 
aelualnameanealls example, bioprinting is being used to create custom breast implants and grafts 
for cancer patients using the recipient’s own fat and skin cells.” Regenerative 
medicine pioneer Organovo is able to build blood vessels and cardiac tissue 
via a 3D printer that dispenses cells instead of ink. The firm plans to begin 
selling 3D printed liver tissue." 


Critical Time to Upgrade Your Computer 
Thinking 
Exercise 


æ TECHNOLOGY AGILITY 


You are shopping to significantly upgrade your current personal laptop computer 
and printer. You are heavy into gaming, film editing, and photo shopping. You need 
a laptop with a powerful CPU and high-quality screen plus a fast, high-quality, color 
printer. You have a budget of $2,500 for the hardware. 


Review Questions 


1. What features and specifications can you use to evaluate various laptops includ- 
ing the CPU and screen? 
2. What features and specifications can you use to evaluate various printers? 


Critical Thinking Questions 

1. Either go online or visit your local computer shop to identify and price one or 
two computers that best meet your needs and stay within your budget. 

2. Do the same to identify and price one or two printers that best meet your needs. 


Computer System Classes oe A 


In general, computers can be classified as either special-purpose or general- 
purpose. Special-purpose computers are used for limited applications, for 
example, by military, government, and scientific research groups such as the 
CIA and NASA. Other applications include specialized processors found in 
appliances, cars, and other products. For example, automobile repair shops 
connect special-purpose computers to your car’s engine to identify specific per- 
formance problems. As another example, IBM is developing a new generation 
of computer chips to develop so-called cognitive computers that are designed 
to mimic the way the human brain works. Rather than being programmed as 
today’s computers are, cognitive computers, such as IBM’s Watson computer, 
are able to learn through experiences and outcomes and mimic human learn- 
ing patterns. 
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General-purpose computers are used for a variety of applications, includ- 
ing the business applications you encounter at work and in college. General- 
purpose computer systems can be divided into three primary classes: portable 
computers used by one user at a time, nonportable computers used by one per- 
son at a time, and systems used by multiple concurrent users. Table 4.3 shows 
the general ranges of capabilities for various classes of computer systems. 


TABLE 4.3 Classes of computers 


Single-User Portable Computers: Used to run personal productivity software, access the Internet, read and prepare email 
and instant messages, play games, listen to music, watch videos, access corporate applications and databases, and enter 
data at the point of contact. 


Factor Smartphone Laptop Notebook Tablet 
Cost $120-$1,000 $300-$2,500 $300-$800 $75-$1,500 
Weight (pounds) <0.5 <8 <6 <2 

Screen size (inches) 2-5.5 <20 <12 <13 


Single-User Nonportable Computers: Meet a wide range of personal computing needs from simply entering data and 
accessing applications via the Internet to running productivity software to performing computer intensive engineering, 
computer-aided design, and software development functions. 


Factor Thin Client Desktop Nettop Workstation 
Cost $200-$500 $500-$3,000 $150-$550 $1,500-$9,500 
Weight (pounds) <3 20-30 <4 >20 


Multiple-User Computers: Meet the computing needs of an organization by supporting key functions such as email, 
printing, security, providing massive data storage and retrieval, and running applications that perform intensive data 
calculations. 


Factor Server Mainframe Supercomputer 
Cost >$500 >$75,000 >$250,000 
Weight (pounds) >25 >100 >100 


Portable Computers 


portable computers: A computer Many computer manufacturers offer a variety of portable computers, which 
small enough to carry easily. are small enough to carry easily. Portable computers include smartphones, 
laptops, notebooks, and tablets. 


Smartphones 


While features and capabilities vary from model to model and manufacturer to 
manufacturer, with most smartphones you can place calls, download and run 
apps (e.g., games, contact or to do list manager, and personal and business 
finance managers), send and receive text messages and email, view documents 
and files, take and send photos and videos, get driving directions via GPS, 
browse Web sites, and create a playlist of digital tunes. Smartphones employ 
a combination chipset called a “system on a chip,” which includes processor 
cores, RAM (random access memory) and ROM (read-only memory), interface 
controllers, and voltage regulators, as shown in Figure 4.7. With system on a 
chip, all the critical components of the smartphone are confined to a relatively 
small area, making the device faster and more energy efficient and reducing 
assembly costs. 
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Anatomy of a smartphone 
Smartphones employ a combination 
chipset called a “system on a chip,” 
which includes processor cores, 
ram and rom memory, interface 
controllers, and voltage regulators. 


laptop: A personal computer 
designed for use by mobile users, 
being small and light enough to sit 
comfortably on a user’s lap. 


tablet: A portable, lightweight 
computer with no keyboard that allows 
you to roam the office, home, or 
factory floor carrying the device like a 
clipboard. 


Modem 


User Input/output 


i | tt | 


Keyboard Display Microphone Speaker GPS Camera 


Laptop 

A laptop is a personal computer designed for use by mobile users; it is small 
and light enough to sit comfortably on a user’s lap. Laptops use a variety of 
flat-panel technologies to produce lightweight and thin display screens with 
good resolution. In terms of computing power, laptops can match most desk- 
top computers as they come with powerful CPUs as well as large-capacity 
primary memory and disk storage. This type of computer is highly popular 
among students and mobile workers who carry their laptops on trips and to 
meetings and classes. Many personal computer users now prefer a laptop over 
a desktop because of its portability, lower energy usage, and smaller space 
requirements. 


Notebooks 


Numerous portable computers are smaller than the typical laptop and have 
various names, including notebook and the even smaller ultrabook. Technically 
and traditionally, the difference between the laptop, notebook, and ultrabook 
computer was a matter of size and weight. Technology advances have resulted 
in much smaller and lighter components so differences in size and weight are 
no longer as significant. Today, the difference between a laptop, notebook, and 
ultrabook is mainly what the manufacturer chooses to call its product. 


Tablets 


A tablet is a portable, lightweight computer that can come with or without a 
keyboard and allows you to roam the office, home, or factory floor, carrying 
the device like a clipboard. You can enter text with a writing stylus directly on 
the screen, thanks to built-in handwriting-recognition software. Other input 
methods include an onscreen keyboard and speech recognition. 

Tablets that support input only via a writing stylus are called slate com- 
puters. The convertible tablet PC comes with a swivel screen and can be used 
as a traditional notebook or as a pen-based tablet PC. Most new tablets come 
with a front-facing camera for videoconferencing and a second camera for 
snapshot photos and video. Tablets are especially popular with students and 
gamers. They are also frequently used in the healthcare, retail, insurance, and 
manufacturing industries because of their versatility. A tablet computer that 
comes with a removable keyboard is also called a 2-in-1 tablet/PC. 

The Apple iPad is a tablet capable of running the same software that runs 
on the Apple iPhone and iPod touch devices, giving it a library of well over a 
million applications. It also runs software developed specifically for the iPad. 
The device supports Internet access over both wireless and cellular networks, 
and it includes an onscreen keypad, although a physical keyboard can also be 
attached. Apple offers a variety of iPad models, ranging from the iPad mini, 
which weighs 0.73 pounds and has a 7.9-inch screen, up to the iPad Pro, which 
weighs 1.5 pounds and has a 12.9-inch screen. 

A number of computer companies offer tablets to compete with Apple’s 
iPad, including the Amazon Fire, the Inspiron and Venue by Dell, the Nexus 
7 and Pixel 2 from Google, the Tab 4 and Yoga 920 from Lenovo, the Surface 
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thin client: A low-cost, centrally 
managed computer with no internal 
or external attached drives for data 
storage. 


desktop computers: A 
nonportable computer that fits on a 
desktop and can provide sufficient 
computing power, memory, and 
storage for most business computing 
tasks. 


nettop computers: A very small, 
inexpensive desktop computer typically 
used for Internet access, email, 
accessing Web-based applications, 
document processing, and audio/video 
playback. 


workstations: A more powerful 
personal computer used for 
mathematical computing, computer- 
assisted design, and other high-end 
processing but still small enough to fit 
on a desktop. 
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Pro from Microsoft, the Shield from Nvidia, the Tablet S and Xperia X72 from 
Sony, and the Encore 2 and Excite by Toshiba. 


Nonportable, Single-User Computers 


Nonportable single-user computers include thin client computers, desktop 
computers, nettop, and workstations. This class of computer is used to meet the 
unique data processing needs of the individual end users in an organization. 


Thin Clients 


A thin client is a low-cost, centrally managed computer with no internal or 
external attached drives for data storage. These computers have limited capabil- 
ities and perform only essential applications, so they remain “thin” in terms of 
the client applications they include. As stripped-down computers, they do not 
have the storage capacity or computing power of typical desktop computers, 
nor do they need it for the role they play. With no hard disk, they never pick 
up viruses or suffer a hard disk crash. Unlike personal computers, thin clients 
download data and software from a network when needed, making support, 
distribution, and updating of software applications much easier and less expen- 
sive. Thin clients work well in a cloud-computing environment to enable users 
to access the computing and data resources available within the cloud. The 
Chromebook, which runs the Chrome OS operating system, is a highly porta- 
ble device, is widely used in many schools, and is an example of a thin client. 

Since its founding, Certainty Home Loans has helped over 200,000 families 
finance their homes. Headquartered in Plano, Texas, the company offers home 
purchase, refinance, and renovation loans with offices in ten southern and 
southwestern states. The company employs thin clients that are inexpensive, 
energy efficient, and easy to manage. Data is never stored at the device itself, 
so if a device goes bad, the solution is simple: unplug it, replace it with another 
thin client, and send the original device back to headquarters for evaluation 
or replacement.” 


Desktop Computers 


Desktop computers are single-user computer systems that are highly versatile 
and can provide sufficient computing power, memory, and storage for most 
business computing tasks. 

The Apple iMac is a family of Macintosh desktop computers first intro- 
duced in 1998 in which all the components (including the CPU and the disk 
drives) fit behind the display screen. Core i5, i7, and i9 is a family of Intel 
desktop computers with a wide range in number of cores, amount of cache 
memory, and processor speeds. 


Nettop Computer 

Nettop computers are a very small, inexpensive desktop computer typically 
used for Internet access, email, accessing Web-based applications, document 
processing, and audio/video playback. A key feature of nettop computers is 
that they require perhaps one-tenth the amount of power to operate as a typical 
desktop computer. 


Workstations 

Workstations are more powerful than personal computers but still small 
enough to fit on a desktop. They are used to support engineering and technical 
users who perform heavy mathematical computing, computer-assisted design 
(CAD), video editing, and other applications requiring a high-end processor. 
Such users need very powerful CPUs, large amounts of main memory, and 
extremely high-resolution graphic displays. Workstations are typically more 
expensive than the average desktop computer. Some computer manufacturers 
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server: A computer employed by 
many users to perform a specific task, 
such as running network or Internet 
applications. 


scalability: The ability to increase 
the processing capability of a 
computer system so that it can handle 
more users, more data, or more 
transactions in a given period. 


mainframe computer: A large, 
powerful computer often shared by 
hundreds of concurrent users connected 
to the machine over a network. 


are now providing laptop versions of their powerful desktop workstations. The 
Mac Pro is a series of workstation and server computers based on the high- 
performance Intel Xeon processor. 

Area Sq is a UK-based company that provides expertise in office design, 
refurbishment, and workplace services. Its space planning consultants create 
innovative and inspiring office interiors and use powerful Dell workstations to 
run Autodesk AutoCAD and related software. Area Sq needs high-performance 
computing to meet the challenging demands of creating 3D models and then 
rendering those models to put design options in front of clients. If the com- 
puter hardware runs slowly, then designers must wait for drawings to regen- 
erate when changes are made and this eats into design time. Reliability is also 
critical. Rendering can take hours on many projects and a hardware failure can 
mean losing a full day’s worth of work.” 


Servers, Mainframes, and Supercomputers 


Servers, mainframes, and supercomputers are designed to support workgroups 
from a small department of two or three workers to large organizations with 
tens of thousands of employees and millions of customers. This class of com- 
puter meets the heavy data processing needs of an organization. 


Server 

A server is a computer employed by many users to perform a specific task, 
such as running network or Internet applications. While almost any computer 
can run a server operating system and server applications, a server computer 
usually has special features that make it more suitable for operating in a mul- 
tiuser environment. These features include greater memory and storage capac- 
ities, faster and more efficient communications abilities, and reliable backup 
capabilities. A Web server is one specifically designed to handle Internet traffic 
and communications. An enterprise server stores and provides access to pro- 
grams that meet the needs of an entire organization. A file server stores and 
coordinates program and data files. Server systems consist of multiuser com- 
puters, including supercomputers, mainframes, and other servers. 

Servers are frequently kept in a rack containing multiple servers stacked 
one above the other simplifying cabling among components and minimizing 
the required floor space. A rack unit is a unit of measure used to describe 
the height of a server mounted in a rack. One rack unit is 44.45 mm or 1.75 
inches high. A 42U rack would have an internal rack unit height dimension of 
73.5 inches (1.8669 m). However, each 42U rack manufacturer’s server rack 
external dimensions will vary. In an equipment rack filled with servers, a spe- 
cial cooling system is needed to prevent excessive heat buildup that would 
otherwise occur from so many power-dissipating devices that are confined in 
a small space. 

Servers offer great scalability, the ability to increase the processing capa- 
bility of a computer system so that it can handle more users, more data, or more 
transactions in a given period. Scalability is achieved by adding more, or more 
powerful, processors. Scaling up adds more powerful processors, and scaling 
out adds many processors to increase the total data-processing capacity. Most 
new servers include onboard diagnostic capabilities that enable the server to 
alert the IS operations group to potential problems, a capability that used to 
be only available for high-end, mainframe computers. 


Mainframe Computer 

A mainframe computer is a large, powerful computer shared by dozens or 
even hundreds of concurrent users connected to the machine over a network. 
These refrigerator-sized computers helped NASA put astronauts on the moon 
and are still widely used in large organizations and government agencies. They 
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can support thousands of users simultaneously and can handle all of the core 
functions of a corporation. Mainframe computers provide the data-processing 
power and data storage capacity that enables banks and brokerage firms to 
deliver new mobile services, credit card companies to detect identity theft, and 
government agencies to better serve citizens. It is estimated that mainframe 
computers store 80 percent of the world’s corporate data and handle $6 trillion 
in annual credit card transactions. 

backward compatibility: The A key feature of mainframe computers is backward compatibility or the 

ability of current mainframes to run ability of current mainframes to run software created decades ago. Many orga- 

Sontware created decades age) nizations such as airlines, banks, and brokerage firms are reluctant to change 
their basic transaction processing software. If forced to rewrite this code each 
time they upgraded to newer, faster hardware they would incur considerable 
software development costs and raise the risk that the new software may not 
be as reliable as the old software. Personal computers and cellphones are not 
considered to have backward compatibility and it is often impossible to run 
apps that are even a few years old. 

IBM’s latest mainframe computer, the IBM Z, is capable of running more 
than 12 billion encrypted transactions per day. The mainframe uses transaction 
encryption technology to counter cyberattacks against personal and financial 
data that could cost firms a total of $8 trillion by 2022. The IBM Z is not 
cheap; it comes with a $500,000 starting price. 


Supercomputer 
supercomputers: One of the most Supercomputers are the most powerful computers with the fastest processing 
powerful computer systems with the speed and highest performance. They are special-purpose machines designed 


ASEL Proressiiig s papds; for applications that require extensive and rapid computational capabilities. 


Originally, supercomputers were used primarily by government agencies to 
perform the high-speed number crunching needed in weather forecasting, 
earthquake simulations, climate modelling, nuclear research, study of the ori- 
gin of matter and the universe, and weapons development and testing. They 
are now used more broadly for commercial purposes in the life sciences and 
the manufacture of drugs and new materials. For example, Procter & Gamble 
uses supercomputers in the research and development of many of its leading 
commercial brands, such as Tide and Pampers, to help develop detergent with 
more soapsuds and improve the quality of its diapers. 

Supercomputers are also used to help establish the safety ratings for vehi- 
cles sold in the United States. The ratings are based on sophisticated computer 
simulations, during which supercomputers crunch equations involving many 
different variables. These computer-generated simulations are combined with 
data taken from actual crash tests and analyzed to determine safety ratings that 
many consumers use as one factor in determining which car to buy. 

Most new supercomputers are based on a recent architecture that employs 
graphics processing unit (GPU) chips in addition to traditional central process- 
ing unit (CPU) chips to perform high-speed processing. The CPU is designed 
for sequential serial processing while the GPU is designed to handle multiple 
tasks in parallel. With GPU-accelerated computing, sequential calculations are 
performed in the CPU and highly complicated calculations are performed in 
parallel in the GPU thus providing far superior processing speeds for applica- 
tions like artificial intelligence, complex simulations, computer-aided design, 
medical imaging, video editing, and medical imaging. 

The speed of supercomputers is measured in petaflops or 1X10” floating 
point operations per second (FLOPS). For perspective, one petaflop is roughly 
a million times faster than the typical consumer laptop computer. The fastest 
supercomputer in the world as of June 2018 is the Summit supercomputer 
deployed at the Oak Ridge National Laboratory in Oak Ridge, TN. Table 4.4 
lists the five most powerful supercomputers in use as of June 2018. 
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TABLE 4.4 Five most powerful 


operational supercomputers (June 2018) 


Rank Name Where Deployed Location Speed (Petaflops) 

1 Summit Oak Ridge National Labora- Oak Ridge, TN, United States 1225 
tory (ORNL) 

2 Sunway TaihuLight National Supercomputing Wuxi, China 93 
Center 

3 Sierra Lawrence Livermore National Livermore, CA, United States 71.6 
Laboratory 

4 Tianhe-2A National Supercomputer Guangzho, China 33.9 
Center 

5 AI Bridging Cloud National Institute of University at Shinagawa, 19) 

Infrastructure (ABCI) Advanced Industrial Science Tokyo, Japan, 


and Technology (AIST) 


SOURCE: “Top 500 the List,” June 2018, https:/Avww.top500.org/lists/2018/06/ 


Quantum Computers 


Classical computers, which are the types of computers we have discussed up 
until now, encode information in bits with each bit representing the value of 
1 or 0. These 1s and Os represent data and act as on/off switches that control 
how the computer functions. Quantum computers, in contrast, are based on 
qubits, which operate according to two key principles of quantum physics: 
superposition and entanglement. 

Superposition is a principle of quantum mechanics that says instead of 
thinking about a particle being in one state or changing between a variety of 
states, particles are thought of as existing across all the possible states at the 
same time. Thus, with superposition each qubit can represent both a 1 and 
a 0 at the same time. Entanglement means that qubits in a superposition can 
be interrelated with each other; that is, the state of one qubit (whether it is 
a 1 or a 0) can depend on the state of another. As a result, qubits can act as 
far more sophisticated switches, enabling quantum computers to function in 
ways that allow them to solve difficult problems that are impossible to solve 
using classical computers or that would take them an exceedingly long time 
to solve.'® 

As of 2018, researchers have built fully programmable five-qubit quantum 
computers but such machines have limited capabilities. A near term goal is to 
build a 50-qubit computer that would achieve quantum supremacy—such a 
quantum computer would provide a computing capacity beyond that of any 
current or possible future classical supercomputer. Such systems are likely to 
be commercially available as early as 2022. By the end of the next decade, 
quantum computers on the order of 100,000-qubit systems will be available.” 
These computers will provide prodigious amounts of computer capacity and 
may be applied in the following ways: 


e Enable advancements in the materials, chemistry, and drug industries by 
making accurate molecular-scale models possible for the discovery of 
new materials and drugs 

e Model the behavior of atoms and particles at unusual conditions (for 
example, very high energies that can be only created in the Large 
Hadron Collider) without actually having to create those unusual 
conditions 

e Improve weather forecasting by allowing for more detailed and accurate 
models 
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Critical 
Thinking 
Exercise 
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e Analyze the huge amounts of data gathered by satellites and surveillance 
cameras 

e Enhance and analyze telescopic images to help astronomers spot more 
exoplanets, and help quickly identify which ones have the most potential 
to harbor life 


One major concern is that quantum computers will be so powerful that 
they will be able to decrypt and read secret messages communicated over the 
Internet using the current encryption technologies. New encryption process 
will need to be designed and implemented. 


Justifying Investment in Supercomputers 
æ ANALYTICAL THINKING 


You have been appointed to a committee tasked with lobbying the state and federal 
government for $25 million in public funds to build and install a new supercom- 
puter and associated hardware to support research performed by the university. 


Review Questions 

1. What capabilities does a supercomputer provide that other classes of computers 
cannot? 

2. What hardware in addition to the supercomputer may be necessary to support 
the research? 


Critical Thinking Questions 

1. What advantages does use of a supercomputer have over creating a grid com- 
puting network? 

2. Ina single sentence each, briefly describe three different research projects that 
would require the power of a supercomputer. 


Server Farm, Data Centers, and Green Computing 3 S a 


server farm: A facility that houses 
a large number of servers in the same 
room, where access to the machines 
can be controlled and authorized 
support personnel can more easily 
manage and maintain the servers. 


This section will cover three topics that provide a good overview of what the 
computer industry and various organizations are doing to meet their computing 
needs in a more efficient and environmentally friendly manner. 


Server Farms 


Often, an organization will house a large number of servers in the same room, 
where access to the machines can be controlled and authorized support per- 
sonnel can more easily manage and maintain the servers. Such a facility is 
called a server farm. Apple, Google, Microsoft, the U.S. government, and many 
other organizations have built billion-dollar server farms in small rural commu- 
nities where both land and electricity are cheap. 

Server manufacturers are competing heavily to reduce the power required 
to operate their servers and are making “performance per watt” a key part of 
their product differentiation strategy. Low power usage is a critical factor for 
organizations that run server farms made up of hundreds or even thousands of 
servers. Typical servers draw up to 220 watts, although new servers based on 
Intel’s Atom microprocessor draw 8 or fewer watts. The annual power savings 
from such low-energy usage servers can amount to tens of thousands of dollars 
for operators of a large server farm. Server farm operators are also looking 
for low-cost, clean, renewable energy sources. For example, Google purchases 
renewable energy from wind and solar farms.'® 
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blade server: A server that 
houses many individual computer 
motherboards that include one or 
more processors, computer memory, 
computer storage, and computer 
network connections. 


data center: A climate-and-access- 
controlled building or a set of buildings 
that houses the computer hardware 
that delivers an organization's data and 
information services. 


A blade server houses many computer motherboards that include one or 
more processors, computer memory, computer storage, and computer network 
connections. These all share a common power supply and air-cooling source 
within a single chassis. By placing many blades into a single chassis, and then 
mounting multiple chassis in a single rack, the blade server is more powerful 
but less expensive than traditional systems based on mainframes or server 
farms of individual computers. In addition, the blade server approach requires 
much less physical space than traditional server farms. 


Data Center 


A data center is a climate-and-access-controlled building or a set of buildings 
that houses the computer hardware that delivers an organization’s data and 
information services. 

Switch is a Las Vegas-based technology infrastructure organization whose 
core business is the design, construction, and operation of advanced data cen- 
ters. Switch is the largest data center provider in Las Vegas with over 2 million 
square feet and whose facilities can generate 315 Megawatts of power. This 
is sufficient energy to power over 200,000 homes. The firm is known for its 
proprietary data center design and futuristic interiors. Switch customers include 
Amazon Web services, eBay, Hulu, and NASA. 

Traditional data centers consist of warehouse-size buildings filled with 
row upon row of server racks and powerful air-conditioning systems designed 
to remove dust and humidity from the air and offset the heat generated by 
the processors. Such data centers can use as much energy as a small city and 
run up a power bill of millions of dollars per year. Indeed, energy costs can 
amount to 25 percent of the total cost of operating a data center, with hardware 
expenses and labor costs the other 75 percent. Businesses and technology ven- 
dors are working to develop data centers that run more efficiently and require 
less energy for processing and cooling. 

About half the energy usage of a traditional data center goes to operate its 
computers. The other half goes to cooling the computers, removing dust and 
humidity from the air, and lighting the facility, along with other systems that sus- 
tain the data center. Such a data center has a power usage effectiveness (PUE) 
of 2.0.(PUE 5 total power consumed/power required to run the computers). The 
ideal goal is a PUE of 1.0, which would indicate that all the power goes to 
running the computers. Google has been able to build data centers that operate 
with a PUE of 1.09.” 

In a further attempt to lower ongoing operating costs, many organizations 
are locating their data centers in areas with milder climates and lower energy 
rates and land costs. For organizations in the United States, this translates to 
rural locations in the south and the northwest. Apple, Google, and Facebook 
all operate major data centers in rural North Carolina. 

The ability to absorb the impact of a disaster (e.g., hurricane, earthquake, 
terrorism attack, or war) and quickly restore services is a critical concern when 
it comes to the planning for new data centers. As a result, data centers of large 
information systems service organizations are often distributed among multiple 
locations in different areas of the country or even different countries to ensure 
continuous operations in the event of a disaster. If one data center in such an 
arrangement is affected by a disaster, its work load could be redirected to one 
or more of the distributed data centers not affected. Google has distributed its 
data centers with 8 in North America, 1 in South America, 2 in Asia, and 4 in 
Europe.” 
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four tiers of data center 
classification: A system that 
enables organizations to quantify 
and qualify their ability to provide a 
predictable level of performance. 
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Electric power is essential to the operation of a data center to run not 
only the servers and computers but also data storage devices, fire protection 
systems, physical security systems, and the HVAC (heating, ventilation, and 
air conditioning) system that controls the ambient environment (temperature, 
humidity, air flow, and air filtering) necessary for the safe operation of all the 
hardware. Power outages are not uncommon and can result from bad weather, 
natural disasters, acts of terrorism, equipment failure, power line damage, and 
other causes. An organization can incur significant financial losses and loss 
of customer goodwill if they are unable to conduct business for an extended 
length of time. As a result, most data centers employ battery operated uninter- 
ruptible power sources (UPS) that can provide several hours to a few days of 
backup power. Organizations needing guaranteed backup power longer than 
this will employ backup power generators to ensure that their critical systems 
can continue to run indefinitely even if the utility company cannot deliver 
power. 

The Uptime Institute is a U.S. advisory group that has defined four 
tiers of data center classification to enable organizations to quantify and 
qualify their ability to provide a predictable level of performance based on 
expected annual downtime, fault tolerance, and power outage protection. 
These parameters are summarized in Table 4.5.” Tiers 1 and 2 may be appro- 
priate for small organizations where a business disruption of several hours 
to a few days would not have a serious business impact and critical activities 
could be managed manually without computer assistance. Tiers 3 and 4 are 
needed by large organizations where a business disruption of a few hours 
would have serious financial consequences due to the inability to process 
customer orders, plan product shipments, manage manufacturing operations, 
and perform other critical activities. Tier 3 and 4 data centers employ redun- 
dant hardware, powerrelated devices, and alternate power sources. If cost 
were not a factor, organizations would implement a tier 3 or 4 data center; 
however, this should only be done when the cost of downtime associated 
with a tier 1 or 2 data center exceeds the cost of upgrading to a tier 3 or 4 
data center. 


TABLE 4.5 Classification of data centers by tiers 


Feature Tier 1 Tier 2 Tier 3 Tier 4 
Expected annual 28.8 hours 22 hours 1.6 hours 26.3 minutes 
downtime 

Fault tolerance No redundancy Partial N+1 2N+1 

Power outage None A few hours 72 hours 96 hours 
protection 


Green Computing 


Electronic devices such as computers and smartphones contain hundreds—or 
even thousands—of components, which are, in turn, composed of many dif- 
ferent materials, including some [such as beryllium, cadmium, lead, mercury, 
brominated flame retardants (BFRs), selenium, and polyvinyl chloride] that are 
known to be potentially harmful to humans and the environment. Electronics 
manufacturing employees and suppliers at all steps along the supply chain 
and manufacturing process are at risk of unhealthy exposure to these raw 
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green computing: Concerned 

with the efficient and environmentally 
responsible design, manufacture, 
operation, and disposal of IT-related 
products, including all types of 
computing devices (from smartphones 
to supercomputers), printers, printer 
materials such as cartridges and toner, 
and storage devices. 


electronic product 
environmental assessment tool 
(EPEAT): A system that enables 
purchasers to evaluate, compare, and 
select electronic products based on a 
total of 51 environmental criteria. 


materials. Users of these products can also be exposed to these materials when 
using poorly designed or improperly manufactured devices. Care must also be 
taken when recycling or destroying these devices to avoid contaminating the 
environment. 

Green computing is concerned with the efficient and environmentally 
responsible design, manufacture, operation, and disposal of IT-related prod- 
ucts, including all types of computing devices (from smartphones to super- 
computers), printers, printer materials such as cartridges and toner, and 
storage devices. Green computing has three goals: (1) reduce the use of 
hazardous material, (2) allow companies to lower their power-related costs, 
and (3) enable the safe disposal or recycling of computers and computer-re- 
lated equipment. Many business organizations recognize that going green is 
in their best interests in terms of public relations, employee safety, and the 
community at large. These organizations also recognize that green computing 
presents an opportunity to substantially reduce total costs over the life cycle 
of their IT equipment. 

The United States generates more e-waste (includes discarded cell phones, 
computers, copiers, DVD players, fax machines, monitors, printers, TVs, VCRs) 
than any other country in the world—9.4 million tons/year. Only about 12.5 
percent of this is recycled.” E-waste is the fastest growing municipal waste 
stream in the United States, according to the EPA. Because it is impossible for 
manufacturers to ensure safe recycling or disposal, the best practice would be 
for them to eliminate the use of toxic substances, particularly since recycling of 
used computers, monitors, and printers has raised concerns about toxicity and 
carcinogenicity of some of the substances. However, until manufacturers stop 
using these toxic substances, safe disposal and reclamation operations must be 
carried out carefully to avoid exposure in recycling operations and leaching of 
materials, such as heavy metals, from landfills and incinerator ashes. In many 
cases, recycling companies export large quantities of used electronics to com- 
panies in undeveloped countries. Unfortunately, many of these countries do 
not have strong environmental laws, and they sometimes fail to recognize the 
potential dangers of dealing with hazardous materials. In their defense, these 
countries point out that the United States and other first-world countries were 
allowed to develop robust economies and rise up out of poverty without the 
restrictions of strict environmental policies. 

Electronic Product Environmental Assessment Tool (EPEAT) is a system 
that enables purchasers to evaluate, compare, and select electronic products 
based on a total of 51 environmental criteria. Products are ranked in EPEAT 
according to three tiers of environmental performance: Bronze (meets all 23 
required criteria), Silver (meets all 23 of the required criteria plus at least 50 
percent of the optional criteria), and Gold (meets all 23 required criteria plus 
at least 75 percent of the optional criteria), as shown in Table 4.6. EPEAT was 
first implemented in 2006 with Computer and Displays (IEEE 1680.1 standard) 
and has now expanded to Imaging Equipment, under the IEEE 1680.2 standard 
from January 2013. EPEAT is managed by the Green Electronics Council and 
currently evaluates more than 4,400 products from more than 60 manufacturers 
across 43 countries.” 

Individual purchasers as well as corporate purchasers of computers, print- 
ers, scanners, and multifunction devices can use the EPEAT website (www 
.epeat.net) to screen manufacturers and models based on environmental attri- 
butes. Since 2007, U.S. Federal agency purchasers have been directed to meet 
an annual commitment of 95 percent or higher EPEAT purchasing in all covered 
product categories, first by Presidential Executive Order and then by regulatory 
requirement.” 
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TABLE 4.6 EPEAT product tiers for computers 


Number of Required Criteria Number of Optional Criteria 
Tier That Must Be Met That Must Be Met 
Bronze All 23 None 
Silver All 23 At least 50% 
Gold All 23 At least 75% 


SOURCE: “EPEAT Criteria,” EPEAT, www.epeat.net/resources/criteria-2, accessed March 17, 2018. 


The European Union’s Restriction of Hazardous Substances Directive, 
which took effect in 2006, restricts the use of many hazardous materials in com- 
puter manufacturing. The directive also requires manufacturers to use at least 
65 percent reusable or recyclable components, implement a plan to manage 
products at the end of their life cycle in an environmentally safe manner, and 
reduce or eliminate toxic material in their packaging. The state of California 
has passed a similar law, called the Electronic Waste Recycling Act. Because of 
these two acts, manufacturers had a strong motivation to remove brominated 
flame retardants from their PC casings. 

Lenovo is a Chinese manufacturer of personal computers, tablets, smart- 
phones, workstations, servers, electronic storage devices, and printers. Since 
2007, the company’s product development teams have been using increasing 
amounts of recycled plastics to meet new customer requirements, satisfy cor- 
porate environmental objectives and targets, and achieve EPEAT Gold registra- 
tions for its products. The company’s efforts have resulted in the avoidance of 
up to 248 million pounds of CO, emissions since 2007.” 


Critical Cost/Benefits of Green Computing 


Thinking © SOCIAL RESPONSIBILITY 
Exercise 


Your organization wants to update the four-year-old laptop computers carried by 
its 200 sales and customer service reps to the latest technology. As a member of 
the sales organization, you have been asked to participate in choosing the portable 
computing device to be used. The committee spent considerable time defining the 
requirements the replacement device must meet and has narrowed its choice down 
to two contenders. They are both 2-in-1 tablets with dual processor CPUs each 
running at over 2.4 MHz. Both have screens that are about 12.3 inches, and both 
come with SSD and 128 GB of storage capacity. In other words, both devices are 
almost identical in terms of hardware specifications. However, one device meets all 
the EPEAT requirements to be rated as a gold product and costs $150 more than 
the other choice that is rated a bronze product. 


Review Questions 

1. Why might the committee decide that 2-in-1 tablets versus just a regular tablet 
or laptop are necessary for the sales and customer service reps? 

2. Should the committee consider tablets with touch screens or a screen that can 
interact with ink enabled pens? Why or why not? 


Critical Thinking Questions 

1. What additional steps should the committee take before reaching a final decision? 

2. Should the committee choose more expensive device at an additional cost of 
$30,000 to the company? If so, how can they justify this choice? 
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System Software 


system software: Software that 
includes operating systems, utilities, 
and middleware that coordinate the 
activities and functions of the hardware 
and other programs throughout the 
computer system. 


application software: Programs 
that help users solve particular 
computing problems. 


operating system (OS): A set of 
computer programs that controls the 
computer hardware and acts as an 
interface to application software. 


kernel: The heart of the operating 
system that controls the most critical 
processes of the OS. 


Role of operating systems 
The role of the operating system 

is to act as an interface between 
application software and hardware. 


Software consists of computer programs that control the workings of com- 
puter hardware. Software can be divided into two types: systems software and 
application software. System software includes operating systems, utilities, 
and middleware that coordinate the activities and functions of the hardware 
and other programs throughout the computer system. Application software 
consists of programs that help users solve computing problems. Examples 
include a spreadsheet program or a program that captures and displays data 
that enables monitoring of a manufacturing process. 

The effective use of software can have a profound impact on individu- 
als and organizations. It can make the difference between profits and losses 
and between financial health and bankruptcy. Gartner estimates that around 
$421 billion will be spent worldwide on enterprise software (excluding con- 
sumer spending) in 2019.”° This is far different from when computers first 
were available; software was given away and customers paid only for the 
hardware. Indeed, the software industry was born in 1969 when IBM decided 
to unbundle—and charge customers separately for—its software and services. 
Although business computers had been in use since the mid-1950s, hardware 
manufacturers had previously bundled software with their hardware without 
charging separately for it. 

The primary role of system software is to control the operations of com- 
puter hardware. System software also supports the problem-solving capabili- 
ties of application programs. System software can be divided into three types: 
operating systems, utility programs, and middleware. 


Operating Systems 


An operating system (OS) is a set of programs that controls a computer’s 
hardware and acts as an interface with application software; see Figure 4.8. The 
kernel, as its name suggests, is the heart of the OS and controls its most criti- 
cal processes. The kernel ties all OS components together and regulates other 
programs. An operating system can control one or more computers, or it can 
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allow multiple users to interact with one computer. The various combinations 
of OSs, computers, and users include the following: 


e Single computer with a single user. This system is commonly used in 
personal computers, tablets, and smartphones that support one user at a 
time. Examples of OSs for this setup include Microsoft Windows, macOS, 
and Google Android. 

e Single computer with multiple simultaneous users. This type of system is 
used in larger server or mainframe computers that support hundreds or 
thousands of people, all using the computer at the same time. Examples 
of OSs that support this kind of system include UNIX, z/OS, and HP-UX. 

e Multiple computers with multiple users. This type of system is used in 
computer networks, including home networks with several computers 
attached as well as large computer networks with hundreds of computers 
attached, supporting many users, who may be located around the world. 
Network server OSs include Red Hat Enterprise Linux Server, Windows 
Server, and Mac OS X Server. 

e Special-purpose computers. This type of system is typical of a number of 
computers with specialized functions, such as those that control sophisti- 
cated military aircraft, digital cameras, or home appliances. Examples of 
OSs designed for these purposes include Windows Embedded, Symbian, 
and some distributions of Linux. 


Functions Performed by the Operating System 


The programs that make up the OS perform a variety of activities, including 
the following: 


e Control common computer hardware functions such as accepting input 
from the keyboard, retrieving data from a storage device, and displaying 
data on the screen. 

e Provide a user interface and manage input/output operations. 

e Provide a degree of hardware independence so that a software program 
can run on multiple computers, without concern for the specific underly- 
ing hardware. 

e Manage memory is accessed, maximizing the use of available memory 
and storage to provide optimum efficiency. 

e Manage processing tasks 

e Provide networking capabilities so that computers can join together in a 
network to send and receive data and share computing resources 

e Control access to system resources to provide a high level of security 
against unauthorized access to the users’ data and programs as well as 
record who is using the system and for how long. 

e Manage files to ensure that files are available when needed and that they 
are protected from access by unauthorized users. 


Some operating systems provide sight interfaces that enable a computer 
to perform different commands or operations depending on where a person is 
looking on the screen. Some companies, including Neuralink backed by Elon 
Musk, are experimenting with sensors attached to the human brain to create 
interfaces that can detect brain waves and control a computer as a result. Sight 
and brain interfaces can be very helpful to disabled individuals.” 


Task Management 


Operating systems use the following five approaches to task management to 
increase the amount of processing that can be accomplished in a given amount 
of time: 


e Multiuser. Enables two or more users to run programs at the same time 
on the same computer. Some operating systems permit hundreds or even 
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thousands of concurrent users. The ability of the computer to handle an 
increasing number of concurrent users smoothly is called scalability. 

e Multiprocessing. Supports running a program on more than one CPU. 

e Multitasking. Enables more than one program to run concurrently. 

e Multithreading. Enables different threads of a single program to run con- 
currently. A thread is a set of instructions within an application that is 
independent of other threads. For example, in a spreadsheet program, 
the thread to open the workbook is separate from the thread to sum a 
column of figures. 

e Real-time. Responds to input instantly. To do this, the operating system 
task scheduler can stop any task at any point in its execution if it deter- 
mines that another higher priority task needs to run immediately. Real- 
time operating systems are used to control the operation of jet engines, 
the deployment of air bags, and the operation of antilock braking 
systems—among other uses. 


Not all operating systems employ all these approaches to task manage- 
ment. For example, the general-purpose operating systems with which we are 
most familiar (e.g., Windows and Mac OS) cannot support real-time processing. 


Current Operating Systems 


Today’s operating systems incorporate sophisticated features and capabilities. 
Table 4.7 classifies a few current operating systems by sphere of influence. 


TABLE 4.7 Operating systems by sphere of influence 


Personal Workgroup Enterprise 

Microsoft Windows Microsoft Windows Microsoft Windows 
Server Server 

Mac OS X, iOS Mac OS X Server — 

Linux Linux Linux 

Google Android, UNIX UNIX 

Chrome OS 

HP webOS IBM i and z/OS IBM i and z/OS 

— HP-UX HP-UX 


From time to time, software manufacturers drop support for older operat- 
ing systems—meaning that although computers and software running under 
these operating systems will continue to run, the operating system manufac- 
turer will no longer provide security fixes and updates. Without such patches, 
the users’ computers are more susceptible to being infected by viruses and 
malware. For example, Google dropped support for Windows XP and Vista 
users running on its Chrome browser.” 

Discontinuance of support is a strong reason to upgrade to new software. 
However, many organizations take the approach that “if it ain’t broke, don’t fix 
it.” In their view, other projects take priority over updating software that is still 
functioning. However, this approach can lead to interruptions in key systems. 
For example, planes were grounded for several hours at Paris’ busy Orly air- 
port when a computer that links air traffic control systems with France’s main 
weather bureau stopped working. The computer was running on Windows 
3.1, a 25-year-old operating system dropped from support by Microsoft over a 
dozen years ago.” 
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Microsoft PC Operating Systems 

In 1980, executives from IBM approached Microsoft’s Bill Gates regarding the 
creation of an operating system for IBM’s first personal computer. That oper- 
ating system, which was ultimately called Microsoft Disk Operating System 
(MS-DOS), was based on Microsoft’s purchase of the Quick and Dirty Oper- 
ating System (QDOS) written by Tim Paterson of Seattle Computer Products. 
Microsoft bought the rights to QDOS for $50,000. QDOS, in turn, was based 
on Gary Kildall’s Control Program for Microcomputers (CP/M). 

As part of its agreement with Microsoft, IBM allowed Microsoft to retain 
the rights to MS-DOS and to market MS-DOS separately from the IBM per- 
sonal computer. The rest is history, with Gates and Microsoft earning a fortune 
from the licensing of MS-DOS and its descendants.” MS-DOS, which had a 
command-based interface that was difficult to learn and use, gave way to the 
more user-friendly Windows 1.0 operating system in 1985. This was Microsoft’s 
first true attempt at a graphical user interface and it relied heavily on use of a 
mouse before the mouse was a common computer input device. 

With its launch of Windows 10, Microsoft announced that it is moving 
away from its usual practice of releasing major new versions of its Windows 
operating system every few years. Instead, the company provides ongoing, 
incremental upgrades and improvements, rolled out automatically, a few times 
each year. Unless users change the automatic update setting, they receive these 
updates as soon as they come out. Organizations, whose information systems 
professionals desire minimal change in order to ensure reliable operations of 
corporate applications, may elect to opt out of such frequent updates. Microsoft 
hopes that the automatic, rapid update cycle will force users to stay current so 
that all hardware devices work as intended, new features are added to existing 
software, and ensure that the latest security patches are installed for users’ 
safety. 

The Windows 10 operating system is built on a single, common kernel 
called OneCore that works across a variety of devices, from phones, tablets, 
personal computers, large-screen displays, the Xbox, and even the HoloLens 
(the Microsoft headband that enables users to view holograms). This means 
that application developers working with Windows 10 can target the same 
core environment for their apps, and such apps will work across a range of 
screen sizes and devices including computers, tablets, and smartphones. This 
represents the achievement of a goal that Microsoft has had for more than 20 
years: Windows Everywhere with a potential market of one billion users.’ 


Apple Computer Operating Systems 


In July 2001, Mac OS X was released as an entirely new operating system 
for the Mac. Based on the UNIX operating system, Mac OS X included a new 
user interface with luminous and semi-transparent elements, such as buttons, 
scroll bars, and windows along with fluid animation to enhance the user’s 
experience. 

Since its first operating system release, Mac OS X 10.0 in 2001, Apple 
has upgraded OS X almost every year. The first eight versions of the OS were 
named after big cats, the latest are named after places in California. OS X 10.13, 
also known as macOS High Sierra, is Apple’s latest operating system. macOS 
Sierra offers many updates to provide improved security and performance as 
well as longer battery life.” 

Because macOS runs on Intel processors, Mac users can set up their com- 
puters to run both Windows and macOS and select the platform they want 
to work with when they boot their computers. Such an arrangement is called 
dual booting. While Macs can dual boot into Windows, the opposite is not true. 
macOS cannot be run on any machine other than an Apple device. However, 
Windows PCs can dual boot with Linux and other OSs. 
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Linux 

Linux is an OS developed in 1991 by Linus Torvalds as a student in Finland. 
The OS is distributed under the GNU General Public License, and its source 
code is freely available to everyone. It is, therefore, called an open-source 
operating system. 

Individuals and organizations can use the open-source Linux code to create 
their own distribution (flavor) of Linux. A distribution consists of the Linux 
kernel (the core of the operating system)—which controls the hardware, man- 
ages files, separates processes, and performs other basic functions—along with 
other software. This other software defines the terminal interface and available 
commands, produces the graphical user interface, and provides other useful 
utility programs. A Linux distributor takes all the code for these programs and 
combines it into a single operating system that can be installed on a computer. 
The distributor may also add finishing touches that determine how the desktop 
looks, what color schemes and character sets are displayed, and what browser 
and other optional software are included with the operating system. Typically, 
the distribution is “optimized” to perform in a particular environment, such as 
for a desktop computer, server, or TV cable box controller. 

Hundreds of distributions of Linux have been created. Many distributions 
are available as free downloads. Three of the most widely used distributions 
come from software companies Red Hat, SUSE, and Canonical. Although the 
Linux kernel is free software, both Red Hat and SUSE produce retail versions of 
the operating system that earn them revenues through distribution and service 
of the software. openSUSE is the distribution sponsored by SUSE. 

Paddy Power Betfair is a large online betting company based in Dublin, 
Ireland that must handle 130 million transactions each day in a fast and secure 
manner. Its systems must operate reliably in a 24 x 7 environment that provides 
for updates and maintenance without affecting customers. The firm selected 
the Red Hat Enterprise Linux operating system to provide a stable and secure 
platform to support its data center.’ 


Google Android and Apple iOS 

Smartphones now employ full-fledged personal computer operating systems 
such as the Google Android and Apple iOS that determine the functionality of 
your phone and the applications that you can run. These operating systems 
have software development kits that allow developers to design thousands of 
apps providing a myriad of mobile services. When it comes to smart phone 
operating systems, Google Android has achieved over 80 percent of the world- 
wide market share and there are over 3.3 million apps available. Apple iOS 
holds the remaining share of the market and there are over 2.2 million apps 
available.***>*° For tablet operating systems, Android has a 65 percent world- 
wide market share and iOS has a 33 percent market share.*’ 


Windows Server 

Microsoft designed the Windows Server workgroup operating system to per- 
form a host of tasks that are vital for Web sites and corporate Web applications. 
For example, Microsoft Windows Server can be used to coordinate and man- 
age large data centers. Windows Server delivers benefits such as a powerful 
Web server management system, virtualization tools that allow various oper- 
ating systems to run on a single server, advanced security features, and robust 
administrative support. Windows Home Server allows individuals to connect 
multiple PCs, storage devices, printers, and other devices into a home network. 
Windows Home Servers provides a convenient way for home users to store 
and manage photos, video, music, and other digital content. It also provides 
backup and data recovery functions. 
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server virtualization: A method 
of logically dividing the resources 

of a single physical server to create 
multiple logical servers, each acting as 
its own dedicated machine. 


hypervisor: A virtual server program 
that controls the host processor and 
resources, allocates the necessary 
resources to each virtual system, and 
ensures that they do not disrupt each 
other. 
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UNIX 


UNIX is a powerful OS originally developed by AT&T for minicomputers—the 
predecessors of servers, which were larger and more powerful than PCs but 
smaller and less powerful than mainframes. UNIX can be used on many com- 
puter system types and platforms, including workstations, servers, and main- 
frame computers. UNIX also makes it easy to move programs and data among 
computers or to connect mainframes and workstations to share resources. There 
are many variants of UNIX, including HP-UX from Hewlett-Packard Enterprise, 
AIX from IBM, and Solaris from Oracle. The UNIX platform (a computer capa- 
ble of running the UNIX operating system plus the operating system itself) is 
considered a high-cost platform compared to Linux and Windows Server. 

The Credit Information Bureau India Limited (CIBIL) collects consumer 
financial data to create credit reports and scores that are provided to lenders 
to help them evaluate applications for loans. This is a very high-volume busi- 
ness with millions of reports generated each day. CIBIL employs blade servers 
running the HP-UX operating system to meet this demand.** 


Mac OS X Server 


The Mac OS X Server is the first modern server OS from Apple Computer, and 
it is based on the UNIX OS. Designed for OS X and iOS, OS X Server makes it 
easy to collaborate, develop software, host Web sites and wikis, configure Mac 
and iOS devices, and remotely access a network. Smartphone users running 
iOS can now open, edit, and save documents on OS X Server. 


Running Multiple Operating Systems with Server Virtualization 
During the 1990s, organizations used to dedicate one server to each applica- 
tion. This allowed easy, although expensive backup in the event of a server 
failure. The application would simply be moved to a standby server. It also 
avoided software incompatibility issues between the operating system running 
on the server and the operating system on which the application could run. 
The one and only one operating system running on the server would be one 
on which the application could run. With advances in the speed and computing 
power of servers, the individual applications were only using 25 percent or less 
of the server hardware capacity—very wasteful. 

Server virtualization is an approach to improving hardware utilization by 
logically dividing the resources of a single physical server to create multiple 
logical servers called virtual machines. Each virtual machine acts as its own 
dedicated machine. The server on which one or more virtual machines are 
running is called the host server. Each virtual machine includes its own guest 
operating system to manage the user interface and control how the virtual 
machine uses the host server’s hardware. Thus, several different operating 
systems can run on a virtualized server. 

The hypervisor is a virtual server program that controls the host processor 
and resources, allocates the necessary resources to each virtual machine, and 
ensures that they do not disrupt each other. VMware from Dell Technologies 
and Microsoft Hyper-V are the two dominant hypervisor vendors. Over three- 
fourths of organizations employ virtualization.’ Figure 4.9 depicts the server 
virtualization environment. 

With server virtualization, the server can run several server applications 
concurrently and operate at much higher level of total capacity—perhaps 80 
percent or more. As a result, a data center with say 400 physical servers could 
be converted to a virtualized environment with perhaps as few as 24 virtual- 
ized servers. There would be a huge savings in capital costs for hardware and 
because there are fewer servers, there would be additional ongoing savings in 
energy costs to power the servers and cool the data center. Also, fewer soft- 
ware licenses are required for fewer physical machines and fewer personnel 
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FIGURE 4.9 Virtual Virtual Virtual Virtual 


Server virtualization Machine #1 Machine #2 Machine #3 Machine #4 


Virtualization is an approach to 
improving hardware utilization by 
logically dividing the resources of 

a single physical server to create 
multiple logical servers called virtual 
machines. 


Hypervisor 


Host system operating system 


Host system hardware 


are required to operate and maintain the servers. Thus, server virtualization 
provides three benefits: (1) lower capital costs for hardware, (2) savings in 
energy costs to operate and cool the data center, and (3) savings in software 
licenses and personnel costs. 

PKO Bank Polski S.A. is the largest commercial bank in Poland providing 
service to over 9 million customers. The bank’s information systems must oper- 
ate 24 x 7 with a goal of less than 1 hour of unscheduled downtime per year. 
Server virtualization is now a standard for critical applications at the bank and 
this strategy has reduced hardware related costs, cut unscheduled downtime 
for applications, and reduced the time spent on problem solving.” 


Enterprise Operating Systems 

Mainframe computers, often referred to as “Big Iron,” provide the computing 
and storage capacity required for massive data-processing environments, and 
they provide systems that can support many users while delivering high per- 
formance and excellent system availability, strong security, and scalability. A 
wide range of application software has been developed to run in the mainframe 
environment, making it possible to purchase software to address almost any 
business problem. Examples of mainframe OSs include z/OS from IBM, HP-UX 
from Hewlett-Packard, and Linux. The z/OS is IBM’s first 64-bit enterprise OS 
and is capable of handling very heavy workloads, including serving thousands 
of concurrent users and running an organization’s critical applications. (The z 
stands for zero downtime.) 


Embedded Operating Systems 

embedded system: A computer An embedded system is a computer system that is implanted in and dedicated 

system (including some sort of to the control of another device often within a larger mechanical or electrical 

processor) thaulsinplaim ed lnvend system. An embedded system is designed with one purpose in mind while a 

dedicated to the control of another 

device. general-purpose computer can be used for many tasks. Embedded systems 
control many devices in common use today, including video game consoles, 
ATM machines, TV cable boxes, digital watches, digital cameras, MP3 players, 
calculators, microwave ovens, washing machines, and traffic lights. The typical 
car contains many embedded systems, including those that control antilock 
brakes, air bag deployment, fuel injection, active suspension devices, transmis- 
sion control, and cruise control. 
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Electrical grid near urban 
area 

U.S. Power grid relies on embed- 
ded systems to help control and 
manage its operation. 


utility programs: A program 
that helps to perform maintenance 
or correct problems with a computer 
system. 
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The U.S. power grid is extremely complex consisting of over 200,000 miles 
of transmission lines managed by some 500 companies. The grid is designed 
so that peak energy demand in one area of the country can be met by using 
electricity generated elsewhere. Embedded computers are used to monitor 
energy generation, transmission, distribution, and usage, thus enabling intel- 
ligent real-time decisions regarding its operation to be made. See Figure 4.10. 
Alarmingly, as Ted Koppel points out in his book Lights Out, a well-designed 
cyberattack on the power grid could cripple our power grid affecting tens of 
millions of people. 


An embedded operating system is designed to run in computers with a 
limited amount of memory and it must be highly reliable. As a result, it may not 
perform many of the functions that nonembedded computer operating systems 
provide, just those functions that are required by the specialized application 
it runs. Furthermore, unlike other operating systems, an embedded operating 
system does not load and execute multiple applications. An embedded operat- 
ing system is only able to run a single application. Some of the more popular 
OSs for embedded systems include Google Android Things, the Windows IoT 
family of Microsoft embedded operating systems, many variations of embedded 
Linux, Lynx Software’s LynxOS, Blackberry’s QNX used to build autonomous 
cars, and Wind River’s VxWorks. 

Swiss-based Liebherr collaborated with Microsoft to create the SmartDe- 
viceBox to provide interesting new capabilities to their refrigerators. Based 
on the Windows 10 IoT Core operating system, the SmartDeviceBox is about 
twice the size of a large USB drive and plugs directly into a port on most of 
the brand’s newest refrigerators. With it you can view the status of your refrig- 
erator online and make changes to its settings from any location. If a problem 
occurs with your refrigerator (e.g., the temperature varies outside the desired 
setting), you are notified by means of an alarm message sent to your smart- 
phone or tablet. The Media Intelligence Assistant voice module enables you to 
verbally add additional groceries to your shopping list which you can access 
via a mobile app while you are in the supermarket.“ 

The Wii gaming console uses an embedded operating system based on the 
Linux kernel. Linux is a popular choice for embedded systems because it is free 
and highly configurable. It has been used in many embedded systems, including 
e-book readers, ATMs, smartphones, networking devices, and media players. 


Utility Programs 

Utility programs perform a variety of tasks typically related to system mainte- 
nance or problem correction. For example, there are utility programs designed 
to merge and sort sets of data, keep track of computer jobs being run, compress 
data files before they are stored or transmitted over a network (thus saving 
space and time), and perform other important tasks. 
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PRTG network monitor 

PRTG network monitor and other 
network utility software can help 
you to keep track of network com- 
ponents, traffic flows, and network 
performance. 


Just as your car engine runs best if it has regular maintenance, computers 
also need regular maintenance to ensure optimal performance. Over time, your 
computer’s performance can start to diminish as system errors occur, files clut- 
ter your hard drive, and security vulnerabilities materialize. Sysinternals Suite 
is a collection of Windows utilities that can be downloaded for free from the 
Microsoft TechNet Web site. These utilities can be used to boost the perfor- 
mance of a slow PC, repair errors in the registry and on a hard drive, remove 
unnecessary files, improve system security and privacy, and optimize sluggish 
system processes. 

Although many PC utility programs come installed on computers, you can 
also purchase utility programs separately. There are hardware utilities that can 
be used to check the status of all parts of the PC, including hard disks, memory, 
modems, speakers, and printers. Disk utilities check the hard disk’s boot sector, 
file allocation tables, and directories and analyze them to ensure that the hard 
disk is not damaged. Antivirus and antimalware utilities can be used to con- 
stantly monitor and protect a computer. If a virus or other malware is found, it 
can often be removed. File-compression utilities can reduce the amount of disk 
space required to store a file or reduce the time it takes to transfer a file over the 
Internet. Both Windows and Mac operating systems let you compress or decom- 
press files and folders. A broad range of network- and systems-management 
utility software is available to monitor hardware and network performance and 
trigger an alert when a server is crashing or a network problem occurs. IBM’s 
Tivoli Netcool Network Management, Hewlett-Packard’s Automated Network 
Management Suite, and Paessler’s PRTG Network Monitor can be used to solve 
computer network problems and help save money (see Figure 4.11). 
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Managing the vast array of operating systems for smartphones and mobile 


devices has been difficult for many companies. Many organizations unwisely 
allow employees to connect to corporate databases using smartphones and 
mobile devices with little or no guidance. Utility programs called mobile device 
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middleware: Software that allows 
various systems to communicate and 
exchange data. 


service-oriented architecture 
(SOA): A software design approach 
based on the use of discrete pieces 
of software (modules) to provide 
specific functions as services to other 
applications. 


application programming 
interfaces (API): A set of 
programming instructions and 
standards that enable one 
microservice to access and use the 
services of another microservice. 


Critical 
Thinking 
Exercise 
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management (MDM) software can help a company manage security, enforce 
corporate strategies, and control downloads and content streaming from cor- 
porate databases into smartphones and mobile devices. They can even be used 
to wipe a device of all apps and data if it is lost or stolen. Brookdale Senior 
Living is a major owner and operator of senior living communities, operating 
over 1,100 senior living communities and retirement communities in the United 
States. The organization employs MDM software to enable the clinical staff to 
safely access and update medical records from remote sites and ensure that 
sensitive patient data is always secure.” 


Middleware 


Middleware is software that provides messaging services that allow different 
applications to communicate and exchange data. Middleware is software that lies 
between an operating system and the applications running on it. For example, it 
can be used to transfer a request for information from a corporate customer on 
the company Web site to a traditional database on a mainframe computer and 
to return the results of that information request to the customer on the Internet. 

The use of middleware to connect disparate systems has evolved into an 
approach for developing software and systems called SOA. Service-oriented 
architecture (SOA) is a software design approach based on the use of discrete 
pieces of software (modules) to provide specific functions (such as displaying a 
customer’s bill statement) as services to other applications. Each module is built 
in such a way that ensures that the service it provides can exchange informa- 
tion with any other service without human interaction and without the need to 
make changes to the underlying program itself. In this manner, multiple mod- 
ules can be combined to provide the complete functionality of a large, complex 
software application. Systems developed with SOA are highly flexible, as they 
allow for the addition of new modules that provide new services required to 
meet the needs of the business as they evolve and change over time. 

Many organizations have taken the SOA approach to the extreme and built 
complex applications using a series of smaller specialized applications called 
microservices. Each microservice performs a single well-defined function. 
Microservices communicate to one another using agreed upon interfaces called 
application programming interfaces (API). This enables many microservices 
to be linked together in Lego fashion to create a large, complex, multifunctional 
application. A major advantage of the SOA approach is that a microservice 
built for one application may be reused in another application to perform the 
same function. Reapplication of proven microservices greatly reduces software 
development time and improves software quality. 

Expedia, Inc., the U.S. travel company, employs a software development 
strategy based on microservices. Its Checkout online payment function that 
supports billions of dollars in transactions and has a huge number of features 
has been subdivided into a series of much smaller and more logical-like sets 
of microservices. The benefit of smaller, segmented applications is that Expe- 
dia can update these microservices quicker or quickly add new microservices 
providing new services. Currently Expedia follows a weekly deployment cycle 
but will eventually shorten this to daily software releases allowing developers 
to try out new ideas and add new features quickly.” 


Embedded System for Smart Oven 
m TECHNOLOGY AGILITY 


You are designing an app and a state-of-the-art “smart” oven that can be controlled 
remotely via smartphone. The app allows the user to select cooking time, tempera- 
ture, start, stop, set time of day, and cancel. The oven has a display to show the 
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Application Software 


cooking time left, temperature, and time of day. In addition, the oven has a heating 
element for cooking the food, a door sensor to sense when the door is open, and a 
weight sensor to detect if there is an item in the oven. A beeper sounds when the 
cooking time is expired. It is possible to cook at item for a period of time at one 
temperature, stop, and then reset the temperature and cook for a while at another 
temperature. Cooking is only permitted when the door is closed and when there 
is something in the oven. Cooking can be interrupted at any time by opening the 
oven door or entering the stop command to the app. Cooking is terminated when 
the timer elapses. When the door is open a lamp inside the oven is switched on; 
when the door is closed the lamp is off. 


Review Questions 

1. What operating systems could be employed in the smartphone? 

2. What operating systems could be employed in the embedded system to control 
the oven? Must this be a real-time operating system? Why or why not? 


Critical Thinking Questions 

1. What safety features should be designed into the software? Should these fea- 
tures be programmed into the smartphone app or the software that operates 
the stove or both? 

2. What are some creative additional features that might be designed into the 
oven? 


The primary function of application software is to apply the power of a com- 
puter system to enable people, workgroups, and entire enterprises to solve 
problems and perform specific tasks. Millions of software applications have 
been created to perform a variety of functions on a wide range of operating 
systems and device types. The following are some of the dozens of categories 
of applications: 


Business Genealogy Personal information manager 
Communications Language Photography 

Computer-aided design Legal Public safety 

Desktop publishing Library Science 

Educational Medical Simulation 

Entertainment Multimedia Video 

Gaming Music Video games 


In almost any category of software, you will find many options from which 
to choose. For example, Microsoft Internet Explorer and Edge, Mozilla Firefox, 
Google Chrome, Apple Safari, and Opera are all popular Web browsers that 
enable users to surf the Web. The availability of many software options enables 
users to select the software that best meets the needs of the individual, work- 
group, or enterprise. For example, the Procter & Gamble Company, a large, 
multi-national organization, chose the SAP Enterprise Resource Planning soft- 
ware with its vast array of options, features, and functionality to meet its com- 
plex global accounting needs. However, a small neighborhood bakery might 
decide that Intuit’s QuickBooks, an accounting software package designed for 
small businesses, meets its simple accounting needs. 
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Overview of Application Software 


Proprietary software and off-the-shelf software are two important types of 
application software. The relative advantages and disadvantages of proprietary 
software and off-the-shelf software are summarized in Table 4.8. The primary 
advantages of proprietary software are that you are directly involved in the 
development of the software and so are more likely to get the features that 
are needed. You also have control over the changes made to the software to 
meet evolving needs. The disadvantages of proprietary software are that it can 
take a significant amount of time and resources to develop, in-house system 
development staff may be hard-pressed to provide the required level of ongo- 
ing support and maintenance, and there is significant risk the project may 
exceed budget and schedule. The advantages of off-the-shelf software are the 
initial cost is likely less, the users can evaluate the features of the software to 
ensure that it meets their needs, and the software is likely to be of high quality. 
The disadvantages of off-the-shelf software are it may come with features not 
needed, it may lack important features necessitating expensive customization, 
and the software may not match current work processes and data standards. 


TABLE 4.8 Comparison of proprietary and off-the-shelf software 


Off-the-Shelf Software 


Proprietary Software 


Advantages Disadvantages Advantages Disadvantages 


The initial cost is lower 


You can get exactly what 
you need in terms of fea- 
tures, reports, and so on. 


Being involved in the 
development offers more 
control over the results. 


You can more easily mod- 
ify the software and add 
features. This can help you 
to counteract an initiative 
by competitors or to meet 
new supplier or customer 
demands. 


It can take a long time 
and a significant amount 
of resources to develop 
required features. 


In-house system develop- 
ment staff may be hard- 
pressed to provide the 
required level of ongoing 
support and maintenance 
because of pressure to 
move on to other new 
projects. 


The features and perfor- 
mance of software that has 
yet to be developed pres- 
ents more potential risk. 


because the software firm 
can spread the develop- 
ment costs across many 
customers. 


The software is likely to 
meet the basic business 
needs. Users have the 
opportunity to more fully 
analyze existing features 
and the performance 

of the package before 
purchasing. 


The package is likely to 
be of high quality because 
many customer firms have 
tested the software and 
helped identify its bugs. 


An organization might 
have to pay for features 
that it does not require 
and never uses. 


The software might lack 
important features, thus 
requiring future modifica- 
tion or customization. This 
can be very expensive, and 
because users will eventu- 
ally be required to adopt 
future releases of the soft- 
ware, the customization 
work might need to be 
repeated. 


The software might not 
match current work pro- 
cesses and data standards. 


proprietary software: One-of-a- 
kind software designed for a specific 
application and for an individual 
company, organization, or person that 
uses it. 


Proprietary software is one-of-a-kind software designed for a specific 
application and for an individual company, organization, or person that uses 
it. Proprietary software can give a company a competitive advantage by pro- 
viding services or solving problems in a unique manner—better than methods 
used by a competitor. For example, Amazon’s proprietary e-commerce software 
employs its patented 1-Click checkout process that enables customers to com- 
plete a purchase with a single click using payment credentials and shipping 
information previously stored with Amazon. This eliminates the tedious and 
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off-the-shelf software: Software 
produced by software vendors to 
address needs that are common 
across businesses, organizations, or 
individuals. 


software as a service 

(SAAS): A software distribution 
model under which a third-party 
provider hosts applications and makes 
them available to subscribers over the 
Internet. 


FIGURE 4.12 


Software as a service 


error prone step of manually entering payment card and shipping address 
information. 1-Click also enables Amazon Echo owners to complete a purchase 
with a single voice command. Other companies that wish to employ the 1-Click 
checkout process must pay a license fee to Amazon, thus the software has cre- 
ated a competitive advantage. It is estimated that Amazon’s exclusive hold on 
this process has earned it billions in licensing fees.“ 

Off-the-shelf software is produced by software vendors to address needs 
that are common across businesses, organizations, or individuals. Literally 
thousands of small, medium, and large companies around the world employ 
off-the-shelf software from German software manufacturer SAP to support 
their routine business processes, maintain records about those processes, and 
provide extensive reporting and data analysis capabilities. 


Software as a Service (SaaS) 


Software as a service (SaaS) is a software distribution model under which a 
third-party provider hosts applications and makes them available to subscrib- 
ers over the Internet as shown in Figure 4.12. In most cases, subscribers pay a 
monthly service charge or a per-use fee. Many business activities are supported 
by SaaS. SaaS providers include Oracle, SAP, NetSuite, Salesforce, Google, and 
many others. There are several advantages associated with the SaaS model, as 
follows: 


e SaaS applications are available from any computer or any device— 
anytime, anywhere. Users simply logon to the SaaS vendor’s Web site 
and enter a logon and password to access the software and their data. 

e Since the SaaS provider manages all upgrades and new releases, there 
are no software patches for customers to download or install. This frees 
up time for members of the IS organization and ensures users always 
have access to the latest most up-to-date version of the software. 

e The cost associated with upgrades and new releases are lower than the 
traditional software licensing model that usually forces the user to buy 
an upgrade package and install it. 

e The SaaS provider manages service levels and availability, so there’s 
no need for subscribers to add hardware, software, or communications 
capacity as the number of users increases. 


Mobiles 


SaaS Provider 


Mobiles 
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Google’s Chromebook line of personal computers employ the SaaS model. 
Built by Samsung and Acer, Chromebooks include only an Internet browser— 
with all software applications accessed through an Internet connection. Rather 
than installing, storing, and running software on the Chromebook, users access 
software that is stored on and delivered from a Web server. Typically, the data 
generated by the software is also stored on the Web server. 


Personal Application Software 


Hundreds of thousands of personal software applications are available to meet 
the needs of individuals at school, home, and work—with new applications 
released daily. New computer software under development, along with existing 
GPS technology, for example, will enable people to see 3D views of where they 
are, along with directions and 3D maps to where they would like to go. The 
features of some popular types of personal application software are summa- 
rized in Table 4.9. In addition to these general-purpose programs, thousands 
of other personal computer applications perform specialized tasks that help 
users prepare their taxes, get in shape, lose weight, get medical advice, write 
wills and other legal documents, repair their computers, fix their cars, write 
music, and edit pictures and videos. This type of software, often called user 
software or personal productivity software, includes the general-purpose tools 


and programs that support individual needs. 


TABLE 4.9 Examples of personal application software 


Type of Software 


Word processing 


Spreadsheet 


Database 


Graphics 


Personal information 
management 


Project management 


Financial 
management 


Desktop publishing 
(DTP) 


Use 


Create, edit, and print text documents 


Perform statistical, financial, logical, data- 
base, graphics, and date and time calcula- 
tions using a wide range of built-in functions 


Store, manipulate, and retrieve data 


Develop graphs, illustrations, drawings, and 
presentations 


Helps people, groups, and organizations 
store useful information, such as a list of 
tasks to complete or a set of names and 

addresses 


Plan, schedule, allocate, and control people 
and resources (money, time, and technology) 
needed to complete a project according to 
schedule 


Track income and expenses and create 
reports to create and monitor budgets (some 
programs also have investment portfolio 
management features) 


Use with personal computers and high- 
resolution printers to create high-quality 
printed output, including text and graphics; 
various styles of pages can be laid out; art 
and text files from other programs can also 
be integrated into published pages 


Example 


Apache OpenOffice Writer Apple Pages 
Corel Write Google Docs Microsoft Word 
WordPerfect 


Apache OpenOffice Calc Apple Numbers 
Google Sheets IBM Lotus 1-2-3 Microsoft 
Excel 


Apache OpenOffice Base Microsoft Access 
IBM Lotus Approach 


Adobe FreeHand Adobe Illustrator Apache 
OpenOffice Impress Microsoft PowerPoint 


Google Calendar Microsoft Calendar Micro- 
soft Outlook One Note 


Microsoft Project Scitor Project Scheduler 


GnuCash Intuit Mint Intuit Quicken Money- 
dance You Need a Budget (YNAB) 


Adobe InDesign Apple Pages Corel Ventura 
Publisher Microsoft Publisher QuarkXpress 
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Software Suites and Integrated Software Packages 


software suite: A collection of A software suite is a collection of programs packaged together and sold in a 
programs packaged together and sold bundle. A software suite might include a word processor, a spreadsheet pro- 
in a bundle. 


gram, a database management system, a graphics program, communications and 
note-taking tools, and organizers. Some suites support the development of Web 
pages. Some offer a speech-recognition feature—so that applications in the suite 
can accept voice commands and record dictation. Software suites offer many 
advantages. The software programs within a suite have been designed to work 
similarly—after you learn the basics for one application, the other applications 
are easy to learn and use. Buying software in a bundled suite is cost effective; 
the programs usually sell for a fraction of what they would cost individually. 

Table 4.10 lists the most popular general-purpose software suites for per- 
sonal computer users. Most of these software suites include a spreadsheet 
program, a word processor, a database program, and graphics presentation 
software. All can exchange documents, data, and diagrams. In other words, 
you can create a spreadsheet and then cut and paste that spreadsheet into a 
document created using the word-processing application. 


TABLE 4.10 Major components of leading software suites 


Personal Corel 
Productivity Microsoft WordPerfect Apache G Suite 
Function Office Office OpenOffice Apple iWork (Google Apps) 
Word processing Word WordPerfect Writer Pages Docs 
Spreadsheet Excel Quattro Pro Calc Numbers Sheets 
Presentation graphics PowerPoint Presentations Impress and Keynote Slides 

Draw 
Database Access Paradox Base N/A N/A 


Microsoft, Apple, and Google also offer Web-based productivity software 
suites that do not require the installation of any software on your device 
except a Web browser. Figure 4.13 depicts the Microsoft Office 365 Software 
as a Service. These Software as a Service cloud-based applications cost on the 
order of $10 per user per month depending on the features and the amount of 
cloud-based storage requested. 

Whirlpool is a leading manufacturer and marketer of major home appli- 
ances with 68,000 employees and 66 manufacturing and technology research 
centers around the world. A key challenge it faces is the need to innovate faster. 
Its CIO believes that Google Apps helps to connect its employees to think, 
share ideas, and move faster to bring products to the marketplace. This enables 
Whirlpool to unleash the talent in the company without a lot of IT support.“ 


Other Personal Application Software 


In addition to the software already discussed, many other interesting and pow- 
erful application software tools are available for personal and business use, 
as follows: 


e CreditKarma Tax, TaxAct, Tax Slayer, and TurboTax are popular 
tax-preparation programs that each year saves millions of people many 
hours and even dollars in preparing their taxes. 

e With just a quick online search, you can find software for creating Web 
sites, composing music, and editing photos and videos. MuseScore, for 
example, enables you to create, play back, and print sheet music. 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


FIGURE 4.13 


Office 365 software as a 


service 

Microsoft office 365 is a web-based 
application suite that offers basic 
software suite features over the 
internet using cloud computing. 
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A Office 365 


Office 365 ProPlus 


Your Office instantly—wherever you go 


For bu: tt a Jffice productivity and 
collaboration t Si oth upgrades 


What's included Office applications Compliance and BI IT flexibility and control 
Get the latest Office, business-class E P3] E E Control access, Deploy on your 
email, document sharing, and web CA prevent data loss, and terms and 
meetings—rich productivity services Gs [E Pa} L gain insight fast with monitor your 

for modern users with the IT advanced tools system's health 
flexibility and control you need. in real time 


e Many people use educational and reference software and software for 
entertainment, games, and leisure activities. Game-playing software is 
popular and can be very profitable for companies that develop games 
and various game accessories, including virtual avatars such as colorful 
animals, fish, and people. 

e Some organizations have launched programs designed to promote phys- 
ical activity by incorporating the use of active video games (e.g., Wii 
Boxing and Dance Dance Revolution) into broader physical education 
programs. Retirement communities also use video games to keep seniors 
physically active. 

e Engineers, architects, and designers often use computer-assisted design 
(CAD) software to design and develop buildings, electrical systems, 
plumbing systems, and more. Autosketch, CorelCAD, and AutoCad are 
examples of CAD software. 

e Other programs perform a wide array of statistical tests. Colleges and 
universities offer many courses in statistics that use this type of applica- 
tion software. Two popular statistical analytics applications in the social 
sciences are SPSS and SAS. 


Software companies are even developing mobile apps that are changing 
the whole dating scene. For example, SceneTap, an application for iPhones and 
Android devices, can determine the number of people at participating bars, 
pubs, or similar establishments and the ratio of males to females. The applica- 
tion uses video cameras and facial-recognition software to identify males and 
females. SocialCamera, an application for Android phones, allows people to 
take a picture of someone and then search their Facebook friends for a match. 
However, many people consider facial-recognition software a potential invasion 
to privacy. 


Mobile Application Software 


The number of applications (apps) for smartphones and other mobile devices 
has exploded in recent years. Besides the proprietary apps that come with 
these devices, hundreds of thousands of mobile apps have been developed 
by third parties. As of April 2018, Apple’s App Store had over 2.1 million apps 
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available for iOS device users. Android users could choose from over 2.8 mil- 
lion mobile apps on Google’s Play Store. The Windows store had 700,000 apps, 
and Amazon had 400,000 apps available.“ 

Table 4.11 lists a few mobile application categories. Many apps are free, 
whereas others range in price from 99 cents to hundreds of dollars. 


TABLE 4.11 Categories of mobile applications 


Category Description 


Books and reference Access e-books, subscribe to journals, or look up information on the Merriam-Webster or 
Wikipedia Web sites 


Business and finance Track expenses, trade stocks, and access corporate information systems 


Entertainment Access all forms of entertainment, including movies, television programs, music videos, and 
information about local night life 


Games Play a variety of games, from 2D games such as Pacman and Tetris to 3D games such as 
Need for Speed, Call of Duty, and Minecraft 


Health and fitness Track workout and fitness progress, calculate calories, and even monitor your speed and 
progress from your wirelessly connected Nike shoes 


Lifestyle Find good restaurants, make a dinner reservation, select wine for a meal, and more 
Music Find, listen to, and create music 
News and weather Access major news and weather providers, including Reuters, AP, the New York Times, and 


the Weather Channel 


Photography Organize, edit, view, and share photos taken on your phone’s camera 


Productivity and utilities Create grocery lists, practice PowerPoint presentations, work on spreadsheets, synchronize 


with PC files, and more 
Social networking Connect with others via major social networks, including Facebook, Twitter, and Instagram 
Sports Keep up with your favorite team or track your own golf scores 
Travel and navigation Use the GPS in your smartphone to get turn-by-turn directions, find interesting places to 


visit, access travel itineraries, and more 


workgroup application 
software: Software designed to 
support teamwork, whether team 
members are in the same location or 
dispersed around the world. 


Workgroup Application Software 


Workgroup application software is designed to support teamwork, whether 
team members are in the same location or dispersed around the world. Exam- 
ples of workgroup software include group-scheduling software, electronic mail, 
instant messaging, project management, and other software that enables people 
to share ideas. IBM Notes and Domino are examples of workgroup software 
from IBM. (Notes runs on the end user’s computing device, while Domino 
runs on a server and supports the end user). Web-based software is ideal for 
group use. Because documents are stored on an Internet server, anyone with 
an Internet connection can access them easily. 

Personal application software can extend into the workgroup applica- 
tion arena. For example, Apple, Google, and Microsoft all provide workgroup 
options of its online applications, which allow users to share documents, 
spreadsheets, presentations, calendars, and notes with other specified users 
or anyone on the Web. This sharing makes it convenient for several people 
to contribute to a document without concern for software compatibility or 
storage. 
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enterprise application: Software 
used to meet organization-wide 
business needs and typically shares 
data with other enterprise applications 
used within the organization. 


programming languages: Sets 
of keywords, commands, symbols, 
and rules for constructing statements 
by which humans can communicate 
instructions to a computer. 
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Enterprise Application Software 


An enterprise application is software used to meet organization-wide busi- 
ness needs and typically shares data with other enterprise applications used 
within the organization. Enterprise applications support processes in logis- 
tics, manufacturing, human resources, marketing and sales, order processing, 
accounting, inventory control, customer relationship management, and other 
essential business functions. These processes require cross-functional col- 
laboration with employees from multiple organizational units, and even peo- 
ple outside the organization such as customers, suppliers, and government 
agencies. Enterprise applications are required to comply with an organiza- 
tion’s security guidelines and may also be required to comply with standards 
defined by government agencies or industry groups to which the organiza- 
tion belongs. For example, all organizations that store, process, and transmit 
cardholder data strive to meet the Payment Card Industry Data Standard 
which provides a framework of specifications, tools, measurements, and sup- 
port resources to help organizations ensure the safe handling of cardholder 
information. 

The total cost, ease of installation, level of training and support required, 
and the ability to integrate the software with other enterprise applications are 
the major considerations of organizations when selecting enterprise software. 
The ability to run enterprise applications on smartphones and other mobile 
devices is becoming a priority for many organizations. 

Enterprise software also helps managers and workers stay connected. At one 
time, managers and workers relied on email to stay in touch with each other, but 
business collaboration and enterprise social networking tools—such as Asana, 
blueKiwi, Yammer, and Jive—are replacing traditional email and text messaging. 

But how are all these systems actually developed and built? The answer is 
through the use of programming languages, some of which are discussed in 
the next section. 


Programming Languages 


Both system and application software are written in coding schemes called 
programming languages that provide instructions to the computer system so 
that it can perform a processing activity. Information systems professionals 
work with different programming languages, which are sets of keywords, 
commands, symbols, and rules for constructing statements that people can use 
to communicate instructions to a computer. Programming involves translating 
what a user wants to accomplish into a code that the computer can understand 
and execute. Program code is the set of instructions that signal the CPU to 
perform circuit-switching operations. In the simplest coding schemes, a line 
of code typically contains a single instruction such as, “Retrieve the data in 
memory address X.” The instruction is then decoded during the instruction 
phase of the machine cycle. 

Like writing a report or a paper in English, writing a computer program 
in a programming language requires the programmer to follow a set of rules. 
Each programming language uses symbols, keywords, and commands that 
have special meanings and usage. Each language also has its own set of 
rules, called the syntax of the language. The language syntax dictates how 
the symbols, keywords, and commands should be combined into statements 
capable of conveying meaningful instructions to the CPU. Rules such as 
“statements must terminate with a semicolon,” and “variable names must 
begin with a letter,” are examples of a language’s syntax. A variable is a 
quantity that can take on different values. Program variable names such as 
SALES, PAYRATE, and TOTAL follow the sample rule shown above because 
they start with a letter, whereas variables such as %INTEREST, $TOTAL, and 
#POUNDS do not. 
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With higher-level programming languages, each statement in the language 
translates into several instructions in machine language. A special software 
compiler: A special software program called a compiler translates the programmer’s source code into the 
program that converts the — machine-language instructions, which consist of binary digits. A compiler cre- 
programmer’s source code into the ; A 
machine-lanġguage instructions: whieh ates a two-stage process for program execution. First, the compiler translates 
consist of binary digits. the program into a machine language; second, the CPU executes that program. 
Another programming approach is to use an interpreter, which is a language 
translator that carries out the operations called for by the source code. An 
interpreter does not produce a complete machine-language program. After the 
statement executes, the machine-language statement is discarded, the process 
continues for the next statement, and so on. 

Most software today is created using an integrated development environ- 
ment. An integrated development environment (IDE) combines all the tools 
required for software engineering into one package. For example, the popular 
IDE Microsoft Visual Studio includes an editor that supports several visual 
programming interfaces and languages (visual programming uses a graphical 
or “visual” interface combined with text-based commands), a compiler and 
an interpreter, programming automation tools, a debugger (a tool for finding 
errors in the code), and other tools that provide convenience to the developer. 
Software developers for Google’s Android smartphone platform use the Java 
programming language along with the Android Studio with built-in Android 
Developer Tools to streamline their Android app development. This is an exam- 
ple of a software development kit (SDK), which is a set of tools that enable the 
creation of software for a particular platform. They can also use special code 
libraries provided by Google for Android functionality, and they test out their 
applications in an Android Emulator.” 

IDEs and SDKs have made software development easier than ever. Many 
novice coders, including some who might have never considered developing 
software, are publishing applications for popular platforms such as Facebook 
and the iPhone. 

Table 4.12 lists some of the most commonly used programming languages 
and identifies how they are used. 


TABLE 4.12 Popular programming languages and what they are used to build 


Application System Embedded Data 
Language Software Software Systems Websites Analysis Games 
Assembly X 
C X X x X X X 
CEE X X X X 
CSS X 
HTML X 
Java X X X X X 
Java Script X 
Perl X 
PHP X 
Python X X X 
R x 
SAS X 
SQL X 
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end user license agreement 
(EULA): The legal agreement 
between the software manufacturer 
and the user of the software that 
stipulates the terms of usage. 


open-source software: Software 
that is distributed, typically for free, 
with the source code also available so 
that it can be studied, changed, and 
improved by its users. 
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Software Licenses 


When people purchase software, they do not own the software, but rather 
they are licensed to use the software on a computer. The End User License 
Agreement (EULA) is the legal agreement between the software manufacturer 
and the user of the software that stipulates the terms of usage. The EULA is 
displayed with the installation dialog and requires the user to “Accept” the 
terms of the EULA to complete installation. The EULA is written to protect the 
software manufacturer and generally disclaims all liabilities for loss of data 
and errors in calculation when the software is running. Software users are 
also prohibited from copying the software or giving it to others. Licenses that 
accommodate multiple users are usually provided at a discounted price. There 
are three primary types of end user licenses: 


e A single-user license allows the program to be installed and used on one 
CPU that is not accessed by other users over a network. The software can 
be used only on a single computer, and other users cannot access or run 
the software while connected to your computer. 

e Individual/multiuser licenses are volume licenses that allow the licensee 
to install the software on a certain number of computers. The licensee 
must satisfy a minimum purchase requirement to receive a reduced price. 
When purchasing the licenses, the licensee usually receives one copy of 
the media and documentation, with the option of purchasing more. 

e Network/multiuser licenses require that you have a single copy of the 
software residing on a file server. With per server licensing, a specified 
number of client access licenses (CALs) are associated with a particular 
server. The number of devices that can legally access that server simul- 
taneously is limited to the number of CALs purchased for that particular 
server. 


Bitmanagement Software, a German software manufacturer, accused the 
U.S. Navy of copying some 558,000 copies of its 3D modelling software BS 
Contract without purchasing the necessary software licenses. The firm filed suit 
in the U.S. Court of Federal Claims seeking damages of $596 million or about 
$1,067 per copy. 


Open-Source Software 


Open-source software is software that is distributed, typically for free, with 
the source code also available so that it can be studied, changed, and improved 
by its users. Over time, open-source software evolves in response to the com- 
bined contributions of its users. The Code For America (CFA) organization, for 
example, used open-source software to develop a map-based app for the city of 
Boston that allows individuals, small businesses, and community organizations 
to volunteer to shovel out specific hydrants that might be completely covered 
with snow in the winter. After creating the app for Boston, CFA made its efforts 
available for free to other cities and municipalities. Table 4.13 provides exam- 
ples of popular open-source software applications. 

Open-source software is not completely devoid of restrictions. Much of 
the popular free software in use today is protected by the GNU General Public 
License (GPL). The GPL grants you the right to do the following: 


e Run the program for any purpose 

e Study how the program works and adapt it to your needs 

e Redistribute copies so you can help others 

e Improve the program and release improvements to the public 


Why would an organization run its business using software that’s free? Can 
something that’s given away over the Internet be stable, reliable, or sufficiently 
supported to place at the core of a company’s day-to-day operations? The 
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TABLE 4.13 Examples of open-source software 


Software Category 


Apache HTTP Server Web server 


Apache OpenOffice Application software 


Drupal Web publishing 
Firefox Web browser 

Gimp Photo editing 
Grisbi Personal accounting 
Linux Operating system 
MySQL Database software 


ProjectLibre Open Project Project management 


answer is surprising—many believe that open-source software is often more 
reliable and secure than commercial software. How can this be? First, because 
a program’s source code is readily available, users can fix any problems they 
discover. A fix is often available within hours of a problem’s discovery. Second, 
because the source code for a program is accessible to thousands of people, 
the chances of a bug being discovered and fixed before it does any damage 
are much greater than with traditional software packages. 

However, using open-source software does have some disadvantages. 
Although open-source systems can be obtained for next to nothing, the up-front 
costs are only a small piece of the total cost of ownership that accrues over 
the years that the system is in place. Some claim that open-source systems 
contain many hidden costs, particularly in terms for user support and debug- 
ging. Licensed software comes with guarantees and support services, whereas 
open-source software does not. Still, many businesses appreciate the additional 
freedom that open-source software provides. The question of software support 
is typically the biggest stumbling block to the acceptance of open-source soft- 
ware at the corporate level. Getting support for traditional software packages 
is easy—you call a company’s toll-free support number or access its Web site. 
But how do you get help if an open-source package doesn’t work as expected? 
Because the open-source community lives on the Internet, you look there for 
help. Through the use of Internet discussion areas, you can communicate with 
others who use the same software, and you might even reach someone who 
helped develop it. Ideally, users of popular open-source packages can get 
correct answers to their technical questions within a few hours of asking for 
help on the appropriate Internet forum. Another approach is to contact one 
of the many companies emerging to support and service such software—for 
example, Red Hat for Linux and Sendmail, Inc., for Sendmail. These companies 
offer high-quality, for-pay technical assistance. 

Burton Snowboards was founded in 1977 by Jake Burton, who sold his first 
snowboards out of his Vermont barn. As part of an upgrade of the company’s 
existing SAP and Oracle applications, Burton decided to migrate its operating 
platform to SUSE Linux Enterprise Server, an open-source solution. SUSE, which 
is certified by both SAP and Oracle, offered the company a highly dependable 
and flexible platform for its business-critical systems. With SUSE, Burton is able 
to quickly make its own updates to adapt to changing business needs, but it 
also has access to ongoing support, including technical information and expert 
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advice available through the SUSE Web site—all with the lower software cost 
that an open-source solution offers.” 


Software Upgrades 


Software companies revise their programs periodically. Software upgrades, 
which are an important source of increased revenue for software manufactur- 
ers, vary widely in the benefits that they provide, and what some people call a 
benefit, others might call a drawback. Deciding whether to upgrade to a new 
version of software can be a challenge for corporations and people with a large 
investment in software. Some organizations choose not to immediately down- 
load the most current software version or upgrade unless it includes significant 
improvements or capabilities. Most organizations have limited IS resources and 
must balance effort spent on software upgrades and effort spent on new proj- 
ects expected to yield new business benefits. Often, software upgrade projects 
are assigned lower priority. 

Developing a software upgrade strategy is important for many businesses. 
American Express, for example, has standardized its software upgrade process 
around the world to make installing updated software faster and more efficient. 
The standardized process also helps the company make sure that updated 
software is more stable, with fewer errors and problems. 


Critical Architectural Firms Looks at Software as a Service 

Thinking FINANCE 

Exercise 
You are a financial analyst for a mid-size architectural firm with some 100 
employees located in three cities across the United States The firm consistently 
earns over $30 million in annual revenue by providing engineering and design 
services that cover a variety of structures and systems, from building brand new 
facilities to renovating and rehabilitating those that already exist. It specializes in 
providing exceptional design services for HVAC, electrical, piping, fire protection, 
and lighting systems. 

The firm currently has a perpetual license for state-of-the-art computer-aided 
design and drafting software for its 50 architects and engineers at a cost of $6,000 
for each copy. The software is periodically in need of software patches to fix bugs 
and/or security issues. These are provided at no additional cost. However, there is a 
$400/year charge per user for technical support. Patches are centrally managed and 
applied each quarter to all copies by a member of the firm’s IT staff. This typically 
requires that an IT support person spend about 1 hour with each user and their 
computer. The software manufacturer provides a major new release every three 
years at an upgrade cost of $4,000. 

You have been asked to evaluate the advisability of moving to a software as a 
service solution and paying a monthly fee $300 per user that includes all technical 
support, software support, and upgrades to new releases. 


Review Questions 


1. What are the costs over a six-year period associated with the current arrange- 
ment? What would be the costs with the software as a service solution? 
2. What advantages are associated with the software as a service approach? 


Critical Thinking Questions 

1. What potential problems are associated with the software as a service approach? 

2. Would you recommend that the firm move from the current arrangement to a 
software as a service approach? Why or why not? 
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Principle: 


The computer hardware industry is rapidly changing and highly compet- 
itive, creating an environment ripe for technological breakthroughs. 

Computer hardware should be selected to meet specific user and business 
requirements. These requirements can evolve and change over time. 

Computer system hardware components include devices that perform 
input, processing, data storage, and output. These include the processor, mem- 
ory, buses, and input/output devices that all cooperate to execute program 
instructions following a fetch, decode, execute, and store process. 

A multicore processor is one that combines two or more independent pro- 
cessors into a single computer so that the independent processors can share 
the workload. 

Computer system processing speed is affected by clock speed, which is 
measured in gigahertz (GHz). As the clock speed of the CPU increases, more 
heat is generated, which can corrupt the data and instructions the computer is 
trying to process. Bigger heat sinks, fans, and other components are required 
to eliminate the excess heat. Chip designers and manufacturers are exploring 
various means to avoid heat problems in their new designs. 

An integrated circuit—such as a processor or memory chip—is a set of 
electronic circuits on one small chip of semiconductor material. A fab or 
foundry is a factory where integrated circuits are manufactured. Fabless man- 
ufacturers outsource their manufacturing to foundry companies who fabricate 
the design. 

Multiprocessing involves the simultaneous execution of two or more 
instructions at the same time. 

Parallel processing is the simultaneous execution of the same task on mul- 
tiple processors to obtain results more quickly. Massively parallel processing 
involves linking many processors to work together to solve complex problems. 

Grid computing is the use of a collection of computers, often owned by 
multiple individuals or organizations that work in a coordinated manner to 
solve a common problem. 


Principle: 


Computer hardware must be carefully selected to meet the evolving needs 
of the organization and its supporting information systems. 

Computer systems are generally divided into three classes: single-user por- 
table computers, nonportable single-user systems, and multiuser systems. 

Single-user portable computer systems include smartphones, laptops, note- 
books, and tablets. 

Nonportable single-user systems include thin client, desktop, nettop, and 
workstation computers. Some thin clients are designed to be highly portable. 

Multiuser systems include servers, blade servers, mainframes, and 
supercomputers. 

Scalability is the ability to increase the processing capability of a computer so 
that it can handle more users, more data, or more transactions in a given period. 


Principle: 


The computer hardware industry and users are implementing green com- 
puting designs and products. 

A server farm houses a large number of servers in the same room, where 
access to the machines can be controlled and authorized support personnel 
can more easily manage and maintain the servers. 
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A data center is a climate-and-access-controlled building or a set of build- 
ings that houses the computer hardware that delivers an organization’s data 
and information services. The rapid growth in data centers is stimulated by the 
increased demand for additional computing and data storage capacity and by 
the trend toward consolidating from many data centers down to a few. 

Organizations and technology vendors are trying several strategies to lower 
the ongoing cost of data center operations. 

The ability to absorb the impact of a disaster and quickly restore services 
is a critical concern when it comes to planning for new data centers. As a 
result, organizations may distribute their data centers over a wide geograph- 
ical area. 

The Uptime Institute has defined four tiers of data center classification to 
enable organizations to quantify and qualify their ability to provide a predict- 
able level of performance. The classifications are based on expected annual 
downtime, fault tolerance, and power outage protection. 

Green computing is concerned with the efficient and environmentally 
responsible design, manufacture, operation, and disposal of IT-related products. 

Many business organizations recognize that going green can reduce costs 
and is in their best interests in terms of public relations, safety of employees, 
and the community at large. 

Three specific goals of green computing are to reduce the use of hazard- 
ous material, lower power-related costs, and enable the safe disposal and/or 
recycling of IT products. 

The Electronic Product Environmental Assessment Tool can be used by 
purchasers of electronic products to evaluate, compare, and select products 
based on a set of environmental criteria. 


Principle: 


Software is valuable in helping individuals, workgroups, and entire enter- 
prises achieve their goals. 

Software can be divided into two types: system software and application 
software. 

System software includes the operating system, utility programs, and mid- 
dleware that coordinate the activities and functions of the hardware and other 
programs throughout the computer system. 

Application software consists of programs that help users solve computer 
problems. 

The operating system is a set of programs that controls a computer’s hard- 
ware and acts as an interface with application software. It performs several 
functions. 

An application programming interface is a set of programming instructions 
and standards that enable one software program to access and use the services 
of another software program. 

There are many different operating systems designed to work in the per- 
sonal, workgroup, and enterprise sphere of influence. 

Server virtualization is an approach to improving hardware utilization by 
logically dividing the resources of a single server to create virtual servers. Each 
virtual server acts as its own dedicated machine. 

Server virtualization can provide savings in four areas: lower capital costs 
for hardware, decreased energy costs to power the servers and cool the data 
center, decrease the number of software licenses that must be purchased, and 
lessen the number or personnel required to operate and support the servers. 

Utility programs perform a variety of tasks typically related to system main- 
tenance or problem correction. 

Middleware is software that provides messaging services that allow differ- 
ent applications to communicate and exchange data. 
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Service-oriented architecture is a software design approach based on the 
use of discrete pieces of software to provide specific functions as services to 
other applications. 


Principle: 


Organizations typically use off-the-shelf application software to meet com- 
mon business needs and proprietary application software to meet unique 
business needs and provide a competitive advantage. 

The initial cost of off-the-shelf software is lower, it is more likely to meet 
the basic business needs, and the software is likely to be of high quality. 

Proprietary software can take a long time to develop, in-house staff may 
be hard-pressed to provide the necessary level of support, and there is greater 
risk it will fail to work as needed. 

Software as a service (SaaS) is a software distribution model under which a 
third-party provider hosts applications and makes them available to subscribers 
over the Internet. This approach has the following advantages: SaaS application 
are available from any device, anywhere, anytime; the SaaS provider manages 
all upgrades and new releases; the costs associated with upgrades and new 
releases are lower than the traditional software licensing model; the SaaS pro- 
vider manages services levels and availability. 

There are many programming languages. They are used to build applica- 
tion software, system software, embedded systems, Web sites, and games. They 
are also used to perform data analysis. 

There are three types of End-User License Agreements—single-user license, 
individual/multiuser license, and network/multiuser license. 

Open-source software is software that is distributed, typically for free, with 
the source code also available so that it can be studied, changed, and improved 
by its users. 

Because an open-source program’s source code is available, users can fix 
any problems they discover. Open-source software does not come with guar- 
antees and support services. 

Software upgrades are an important source of increased revenue for soft- 
ware manufacturers. Organizations must balance effort spent on software 
upgrades and effort spent on new projects expected to yield new business 
benefits. 


application programming interfaces (APD desktop computer 


application software 
backward compatibility 
bioprinting 

blade server 

bus 

byte (B) 

cache memory 

clock speed 

compiler 

computer graphics card 
coprocessor 

core 


data center 


Electronic Product Environmental Assessment Tool 
(EPEAT) 


embedded system 

End User License Agreement (EULA) 
enterprise application 

four tiers of data center classification 
gigahertz (GHz) 

graphics processing unit (GPU) 
green computing 

grid computing 

hard disk drive (HDD) 

hypervisor 


input/output devices 
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integrated circuit (IC) 

kernel 

laptop 

magnetic tape 

main memory 

mainframe computer 
massively parallel processing system 
memory 

middleware 

multicore processor 
multiprocessing 

nettop computers 

off-the-shelf software 
open-source software 
operating system (OS) 

parallel processing 
programming languages 
portable computers 
proprietary software 

Radio Frequency Identification (RFID) 
random access memory (RAM) 
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read-only memory (ROM) 


redundant array of independent/inexpensive disks 
(RAID) 


scalability 

secondary storage 
semiconductor fabrication plant 
server 

server farm 

service-oriented architecture (SOA) 
server virtualization 

software as a service (SaaS) 
software suite 

solid state storage device (SSD) 
system software 
supercomputers 

tablet 

thin client 

utility program 

virtual tape 

workgroup application software 


workstation 


Self-Assessment Test 


The computer hardware industry is rapidly chang- 
ing and highly competitive, creating an environment 


ripe for technological breakthroughs. 


1. The primary hardware component of a computer 
responsible for routing data and instructions to 
and from the various components of a computer 
is the : 

De provide data and instructions 
to the computer and receive results from it. 

3. A key difference between grid computing, mul- 
tiprocessing, and parallel processing is that 


a. parallel processing is only employed with 
supercomputers 

b. grid computing is only employed with 
supercomputers 

c. multiprocessing only applies to server 
computers 

d. grid computing relies on a community of 
computers acting together 


Computer hardware must be carefully selected to 
meet the evolving needs of the organization and its 
supporting information systems. 


4. A is a class of computer used 
by people on the move to run personal pro- 
ductivity software, access the Internet, read and 


prepare email and instant messages, play games, 

listen to music, access corporate applications 

and databases, and enter data at the point of 

contact. 

single-user nonportable computer 

single-user portable computer 

multiple-user computer 

notebook computer 

Ds are three subclasses of comput- 
ers associated with the multiple-user computer. 

Smartphone, laptop, notebook, and tablet 

b. Thin client, desktop, nettop, and workstation 

c. Server, mainframe, and supercomputer 

d. Notebook, server, and nettop 


2ng 


= 


The computer hardware industry and users are 
implementing green computing designs and 
products. 


6. The class of computer used to support work- 
groups from a small department of two or three 
workers to large organizations with tens of thou- 
sands of employees and millions of customers is 
the i 

7. A data center designed to have an expected 
annual downtime of less than 30 minutes and 
able to handle a power outage of up to four days 
is a tier data center. 
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anap 
BR WN BR 


is not a specific goal of green 


computing. 

Reducing the use of hazardous material 
Lowering power-related costs 

Combating global climate change 

Enabling the safe disposal and/or recycling of 
IT products 


aor. 


Software is valuable in helping individuals, work- 
groups, and entire enterprises achieve their goals. 


9. 


10. 


11. 


12. 


13. 


The two basic types of software are application 
software and software. 


The operating system plays no role in con- 
trolling access to system resources to provide 
a high level of security against unauthorized 
access to the users’ data and programs as well 
as record who is using the system and for how 
long. True or False? 
Which of the following is not associated with the 
implementation of server virtualization? 
a. Lower capital costs for hardware 
b. Decreased energy costs to power the servers 
and cool the data center 
c. Increase in the number of software licenses 
that must be purchased 
d. Fewer personnel required to operate and sup- 
port the servers. 
is a software design approach 
based on the use of discrete pieces of software 
(modules) to provide specific functions (such 
as displaying a customer’s bill statement) as ser- 
vices to other applications. 
a. Server virtualization 
b. Multiprocessing 
c. Grid computing 
d. Service-oriented architecture 
is a class of software used to 
meet organization-wide business needs and typ- 
ically shares data with other enterprise applica- 
tions used within the organization. 


Organizations typically use off-the-shelf applica- 
tion software to meet common business needs and 


proprietary application software to meet unique 
business needs and provide a competitive advantage. 


14. 


T5: 


16. 


17. 


18. 


19; 


When comparing off-the-shelf software to pro- 
prietary software, which of the following state- 
ments is not true: 

a. Off-the-shelf software might not match cur- 
rent work processes and data standards. 

b. The initial cost of the off-the-shelf software is 
likely greater. 

c. Off-the-shelf software may include features 
that the organization or user does not require 
and never uses. 

d. Off-the-shelf software may lack important 
features thus requiring future modification or 
customization. 

Which of the following is not a true statement 

about the software as a service model. 

a. SaaS applications are available from any com- 
puter or any device—anytime, anywhere. 

b. There are no software patches for customers 
to download or install. 

c. The cost associated with upgrades and new 
releases are lower than the traditional model. 

d. The SaaS subscriber must manage service lev- 
els and availability, so there may be a need to 
add hardware, software, or communications 
capacity as the number of users increases. 

Spreadsheet, word processor, and graph- 

ics presentation software are used in the 

sphere of influence. 

Programming languages are commonly used 

to perform data analysis and build application 

software, system software, embedded systems, 

Web sites, and : 

The three primary types of end user license 

agreements are individual/multiuser, network/ 

multiuser, and 


is a form of software that is 
distributed, typically for free, with the source 
code studied, changed, and improved solely by 
the original developers. 

Software as a Service 

Licensed software 

A software suite 

Open-source software 


aor. 


Self-Assessment Test Answers 


Bo eS 


bus 
input/out put devices 
d 


b 
c 


F CI SEA 


Multiple-user computer 
d 

c 

system 

false 
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113). 


c 
d 
enterprise 
b 
d 


Review and Discussion Questions 


RS 


. What fundamental hardware component pro- 


vides the processor with a working storage area 
to hold program instructions and data? 

What is the role of the processor of a computer? 
Explain the difference between multiprocessing, 
parallel processing, and grid computing. 

The single-user portable class of computers 
includes which commonly used four subclasses 
of computers? 

Which class of computer includes servers, main- 
frames, and supercomputers? 

What subclass of computer is a low-cost, cen- 
trally managed computer with no internal or 
external attached drives for data storage? 
Identify three features that distinguish tier 1, 2, 
3, and 4 data centers. 

State three primary goals of the “green comput- 
ing” program. 

Name two basic kinds of software and identify 
their associated subclasses. 


16. 
17. 
18. 
19. 


fe 


18. 
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single-user 
games 
single-user 


d 


Identify at least four functions performed by the 
operating system. 

State three cost savings benefits associated with 
server virtualization. 

Describe how the service-oriented architec- 
ture approach is used to build software and 
microservices. 

Identify three advantages of off-the-shelf soft- 
ware versus proprietary software. 

State four key advantages of the software as a 
service model. 

Give an example of how application software is 
used in the workgroup sphere of influence. 


. What are programming languages used for other 


than to build application software, systems soft- 
ware, embedded systems, and Web sites? 
Identify the three primary types of end user 
license agreements. 

In comparison to licensed software, how is 
open-source software used and supported? 


Business-Driven Decision-Making Exercises 


1. 


You are a new buyer in the Purchasing orga- 
nization of a large multinational firm with 
operations in North America, Europe, and Asia. 
One of your responsibilities includes work- 

ing with the information systems organization 
to acquire the best value single-user portable 
computers for the firm. The firm is on a three- 
year replacement cycle for these devices and 
each year acquires roughly 7,000 portables and 
associated accessories at a cost of about $10 
million. As you review the previous year’s pur- 
chasing recommendation, you notice that the 
choice of hardware vendors was based solely 
on getting the most powerful computers at the 
lowest possible price. There was no consid- 
eration of the environmental impact of these 
devices, their energy efficiency, and the level of 
hardware maintenance effort required to keep 
them running. Should you attempt to introduce 
these factors into the purchasing decision? You 
are concerned that the others involved in the 
selection of laptop vendors may ignore your 


suggestions and view you as a newcomer criti- 
cal of previous practices. Should you drop this 
line of thought? If not, what is the best way 

to proceed to ensure these factors are given 
consideration? 

Your organization is considering using soft- 
ware from a software manufacturer that offers 
three different licensing options: (1) a perpetual 
license at a cost of $3,750 with an upgrade to 
the next release fee of $2,500; (2) a monthly 
subscription license at a cost of $175 per month; 
and (3) an annual subscription license at a cost 
of $1,500 per year. Technical support and all 
access to all new releases of the software are 
included with the subscription licenses but cost 
an additional $35 per month with the perpet- 
ual license option. The software manufacturer 
intends to make a major upgrade within the 
next year or two. Your organization will need 20 
copies of the software and intends to use this 
software for at least the next five years. Which 
licensing option is best for your organization? 
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Teamwork and Collaboration Activities 


1. You and the members of your team have been 
assigned to evaluate the economic feasibility of 
upgrading your organization’s server farm from 
a collection of various models of stand-alone 
computers to a smaller number of virtualized 
servers. The current set of 500 servers are all 
3-7 years old. The plan is to auction off the 
old servers and replace them with new, more 
powerful, and more energy efficient servers. 
Because of virtualization, fewer servers will be 
needed, less floor space will be required, the 
cost to operate the fewer, more efficient serv- 
ers will be reduced, and the cost to cool the 
data center will be reduced. What basic facts 
must your team gather to be able to do a cost 


comparison (initial cost of all hardware and 
software licenses, ongoing operating costs to 
run the servers and cool the data center) of 
continuing to run the server farm as is versus 
upgrading to new, virtualized servers? Develop 
a spreadsheet that would enable you to do this 
comparison. 

2. With the other members of your team, identify 
three humanitarian causes or scientific programs 
that could benefit from grid computing. For 
each cause or program, identify a specific goal 
to be accomplished through grid computing. 
What advantages might favor the use of public 
involved grid computing versus the use of a pri- 
vately funded supercomputer? 


Career Exercises 


1. You are a member of your company’s finance 
function and have been assigned to work with 
a multi-functional team to assess the reliability 
of your organization’s large data center. What 
other business functions should be represented 
on this team? Develop a basic set of 4 or 5 ques- 
tions that you would ask to determine if the 
organization needs to upgrade from its current 
tier 2 data center to a tier 3 or 4 data center. 
Who are the key people (by title and business 
function) who need to answer these questions? 
Should anyone outside the team be interviewed? 
If so, whom (again, by title and business 
function)? 


2. “Spreadsheets, even after careful development, 
contain errors in 1 percent or more of all for- 
mula cells,” according to Ray Panko, a professor 
of IT management at the University of Hawaii 
and an authority on bad spreadsheet practices. 
This means that in large spreadsheets there 
could be dozens of undetected errors. Imagine 
that you are a member of your organization’s 
Internal Audit function. You wish to make man- 
agement more aware of this potential problem 
and to implement measures that should be taken 
to ensure the accuracy of spreadsheets that 
are used to make key business decisions. How 
would you begin to address this problem? 


æ DECISION MAKING 


Facebook Building Efficient, Reliable 

Data Centers 

Facebook is a social networking Web site and service where 
users can post comments, share photographs and links to 
news or other interesting content on the Web, play games, 
chat live, and even stream live video. As of June 2017, Face- 
book had 2 billion monthly active users and this number is 
increasing at a rate of 17 percent per year. Two of its other 
apps, Facebook Messenger and WhatsApp, have over 

1.2 billion active users. 

All these users require lots and lots of computing 
capacity to meet their data processing needs and huge 
amounts of data storage to hold all their data, photos, 
and videos. For example, just to load a user’s home 
page can require pulling data from hundreds of servers, 


processing tens of thousands of individual pieces of data, 
and delivering the selected data in less than one second. 
With more people going live and sharing video, Facebook 
must continually add new data centers to keep up with 
the demand. Facebook spent $2.5 billion on data cen- 
ters, servers, network infrastructure, and office buildings 
in 2015. 

Facebook already has existing data centers in Prineville, 
Oregon; Forest City, North Carolina, Lulea, Sweden; and 
Altoona, Iowa. Additional data centers are being built or 
planned for Fort Worth, Texas; Clonee, Ireland; Los Lunas, 
New Mexico; Papillon, Nebraska; New Albany, Ohio; Ash- 
burn, Virginia, and Odense, Denmark. These data centers 
are large football field-sized buildings each housing tens 
of thousands of servers all networked together and to the 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


outside world. Building and outfitting each data center is a 
major project typically lasting 12 months or more and cost- 
ing over $500 million. 

A small group of Facebook engineers spent two years 
designing and building Facebook’s first data center in 
Prineville including software, servers, racks, power sup- 
plies, and cooling. When completed, the data center was 38 
percent more energy efficient to build and 24 percent less 
expensive to run than the data centers Facebook rented 
from other organizations. 

Facebook uses servers powered by chips from both 
Intel and AMD with custom designed motherboards and 
chassis. It has also investigated energy efficient ARM- 
powered servers. Facebook hardware engineers remove 
everything from the servers that is not necessary for exam- 
ple no bezels, no paints, no extra expansion slots, no mount- 
ing screws. The servers are mounted into a rack which holds 
90 servers in three columns. Cabling and power supplies are 
moved to the front of the servers so Facebook technicians 
can work on the equipment from the cold aisle, rather than 
the enclosed, 100 degree plus hot backside of the server. 
The servers are outfitted with custom power supplies that 
enable them to take power directly from the source eliminat- 
ing the need for step-down units as power passes through 
the UPS systems and power distribution units. In the event 
of a power outage, the batteries keep the servers running 
until the building’s backup generators can kick on. 

In April 2011, Facebook, together with Intel, Rack- 
space, Goldman Sachs, and Andy Bechtolsheim (billionaire 
co-founder of both Artista Networks and Sun Microsystems), 
launched the Open Compute Project Foundation. The Foun- 
dation is targeted at redesigning hardware to support the 
increasing demands of users for more efficient, flexible, and 
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scalable hardware and data centers. This is made possible 
by the sharing of details of its energy efficient data cen- 

ter design, as well as custom designs for servers, network 
switches, power supplies, and UPS units. This approach 
marks a radical departure from industry practice which typ- 
ically regards such information as intellectual property to 
be tightly protected. The Open Compute servers represent a 
significant improvement in energy efficiency and a substan- 
tial reduction in server cost. 


Critical Thinking Questions 


1. Identify three good reasons why a Tier 2 data center 
would not meet Facebook’s needs. 

2. Your organization has decided to outsource its data 
center operations. You are responsible for perform- 
ing an initial assessment of service organizations that 
wish to compete for this business. Develop a set of 
six questions you can use to determine if an organiza- 
tion’s data center is a 1, 2, 3, or 4 data center. 

3. Based on business needs, should the data center at 
your place of work (or university) be designed and 
operating as a tier 1, 2, 3, or 4 data center? Explain 
why. 
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gi Database Systems and Data 
Management 


Principles Learning Objectives 


A well-designed and e Distinguish data from information and knowledge. 
well-managed data- 
base is an extremely 
valuable tool in e Define the components of the data hierarchy including attribute, entity, record, 
supporting decision file, and database. 

making. 


e Identify six benefits gained through use of high-quality data. 


$ + 


Define the term database management system. 


Identify six functions performed by a database management system. 


Define the roles of the database schema, data definition language, and data 
manipulation language. 


+ 


Define the term data cleansing. 


Identify seven key questions that must be answered when designing a database. 


Identify six fundamental characteristics of the relational database model. 
State the purpose of data normalization. 

Identify two key benefits of enforcing the ACID properties on SQL databases. 
Identify two advantages associated with database as a service (DaaS). 


A strong data Distinguish between data management and data governance. 
management program 
is needed to ensure 

high-quality data. Iden 


Identify three factors driving the need for data management. 


+ 


ify four key responsibilities of the data governance team. 


Rawpixel.com/Shutterstock.com 


Define the role of a database administrator. 
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IS in Action 


Genomics England Finds Scientific Insights 
Through Database as a Service 


INFORMATION TECHNOLOGY 


One of the largest scientific collaborations in history, the Human Genome Project was ded- 
icated to reading the complete genetic code, or genome, of a human being. The 100,000 
Genomes Project is building on the discoveries of the Human Genome Project to develop 
lifesaving treatments for patients with conditions ranging from common cancers to rare 
diseases. Genomics England, which is owned by the United Kingdom’s Department of 
Health and Social Care, runs the 100,000 Genomes Project as part of the country’s National 
Health Service (NHS). 

A genome consists of DNA, which scientists read letter-by-letter in a process known as 
sequencing. The first genome sequencing took 13 years and about £2 billion ($2.6 billion), 
but with advances in the technology, a human genome can now be sequenced in a few 
days for less than $1,300. The goal of the 100,000 Genomes Project is to bring the benefits 
of genomic data analysis into mainstream healthcare services. 

To achieve this goal, project organizers need access to high-quality data stored in a 
secure database, which is a well-designed, organized, and carefully managed collection of 
data. In addition to technical genomic data, the 100,000 Genomes Project stores personal 
and confidential details about patients with cancer and rare diseases. The collected data 
for the project includes the age, medical conditions, diagnosis, symptoms, and treatment 
outcomes of each patient so that researchers can associate health details with genetic 
information. Connecting the details in a database allows healthcare professionals to make 
better decisions. For example, if a project participant had a poor outcome that researchers 
were able to link to a specific genetic characteristic, physicians might decide to prescribe 
more powerful treatments for future patients with similar genes. 

Because researchers in the 100,000 Genomes Project handle sensitive health informa- 
tion, they face special requirements for storing the data. A typical database is a file con- 
taining data about an entity (a person, place, or thing) and its attributes (characteristics of 
the entity). Patient number, name, address, phone number, and date of birth are examples 
of patient attributes. In a database, at least one of the attributes, such as a patient number, 
uniquely identifies each entity. To protect the privacy of project participants, however, 
researchers must remove identifying personal details, such as name and date of birth. They 
assign each participant a unique code that allows them to track the data while keeping it 
private and secure. 

In addition to privacy, researchers on the project are concerned with maintaining the 
quality of the data. The project receives digital data—including electronic health records, 
test results, and medical notes-from many different hospitals and clinics. To avoid errors, 
such as incomplete information and transmission corruption, the data is subjected to data 
cleansing, a process of detecting and then correcting or deleting incomplete, incorrect, 
inaccurate, or irrelevant records in a database. 

Acquiring and storing patient data presents one set of challenges; collecting, ana- 
lyzing, and managing the volume of genomic data presents another. As of July 2018, the 
100,000 Genomes Project had worked with 70,000 patients and family members in the 
United Kingdom to collect 21 petabytes of data (or 21 quadrillion bytes of data). To assess 
a patient’s risk for cancer, for example, researchers first sequence the patient’s genome, 
which produces about 200 GB of raw data. Next, scientists analyze the genome to deter- 
mine how it differs from a reference genome, a standard approximation of a person’s 
DNA. The faster and more accurately the scientists can process the complex queries that 
analyze the genomic data, the faster they can determine how to treat patients and help 
them avoid life-threatening diseases. 
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The 100,000 Genomes Project sequences an average of 1,000 genomes per week, or 
10 terabytes of data per day, an enormous volume for a database. To manage this amount 
of complex and sensitive data, Genomics England turned to MongoDB, a company head- 
quartered in New York that offers database as a service (DaaS), an arrangement in which 
a database is stored on a service provider’s servers and accessed by the service subscriber 
over the Internet. Using a computing platform that includes MongoDB as its DaaS, Genom- 
ics England was able to cut its hardware and software expenditures and hand off the 
database administration and maintenance tasks to MongoDB, all while reducing processing 
time from hours to milliseconds. 

Using a DaaS means that 1,500 NHS healthcare professionals and 2,500 researchers 
and trainees around the world can access the genomic data from anywhere and at any 
time. “Managing clinical and genomic data at this scale and complexity has presented 
interesting challenges,” says August Rendon, director of bioinformatics at Genomics 
England. “That’s why adopting MongoDB has been vital to getting the 100,000 Genomes 
Project off the ground. It has provided us with great flexibility to store and analyze these 
complex data sets together. This will ultimately help us to realize the benefits of the 
project—-delivering better diagnostic approaches for patients and new discoveries for the 
research community.” 

DaaS offers flexibility, lower hardware and software expenditures, and lower operat- 
ing costs than a traditional database-important considerations for a government agency. 
Another significant advantage of using a DaaS such as MongoDB is that it provides greater 
security than a local solution. A DaaS provider hosts data in a secure environment, encrypts 
and backs up the data, and allows users to access it only through multifactor authenti- 
cation. MongoDB ensures the highest levels of protection for the sensitive data that the 
100,000 Genomes Project collects. 

Even after the 100,000 Genomes Project ends, researchers in academic institutions 
and biotechnology organizations will continue working with the genomic data to develop 
new treatments, diagnostics, devices, and medicines for patients worldwide. Those patients 
will benefit from the 100,000 Genome Project’s initial efforts to store high-quality data in 
a database connecting patient and genomic information. 


As you read further about database systems and management, consider 
the following: 


e What major competitive advantages can organizations gain from the effective use 
of database as a service (DaaS)? 

e What challenges do organizations, particularly those in healthcare fields, face when 
collecting and managing data from clients or customers? 


Why Learn about Database Systems and Data 
Management? 


The world around us is constantly changing and evolving. This creates new challenges and opportunities 
for innovation for organizations around the world. Database systems make it possible to capture data 
about these changes, store it, update it, and make this data available for analysis and decision making. 
The data can be used to recognize these new challenges and opportunities. It can also be used to track 
progress toward meeting key organizational goals and identifying when a change in tactics or strategy is 
needed. 

McDonald’s implemented a database system to capture and report consumer data to measure their 
satisfaction from the national level down to individual restaurants. The data is analyzed to spot trends 
and identify opportunities as well as potential problem areas. Major oil company Exxon has multiple 
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billion-dollar projects going at one time to develop a new oilfield or construct a new deep-sea drilling 

rig. It employs database technology to keep track of the status of these critical projects. The Harris Poll 
surveys gather data about voters and customers. The results are stored in a database so they can be ana- 
lyzed by a set of standard demographics including gender, age, region, income, and education. The U.S. 
Food and Drug Administration implemented a database that contains information on adverse event and 
medication error reports submitted to the FDA. The database is a useful tool for the FDA to identify new 
safety concerns that might be related to a marketed product. 

In addition to these specific applications, almost every organization employs numerous database 
applications. The accounting function of an organization uses several databases to track purchases, 
record sales, generate invoices, and make payments. The human resources function uses a database 
to manage employee records and provide required data to government agencies. The manufacturing 
function uses multiple databases to track production, inventory, and distribution. The sales organization 
uses databases to capture information about product sales, promotions, and customers to measure the 
effectiveness of it marketing strategies and to plan new strategies. 

Before these databases can be built, they must be carefully designed to ensure that they will meet 
the needs of the organization. A team of IS and non-IS employees work together to define the processes 
by which the data is obtained, certified fit for use, stored, secured, and processed. The goal is to ensure 
that the accessibility, reliability, and timeliness of the data meets the needs of the data users within the 
organization. Whether you will be involved in the design of a database application, capture and provide 
data to the database, or use the database for analysis and decision making, you need to understand 
database systems and data management. 


Database Fundamentals 2 ’ 2 


Without data and the ability to process it, an organization cannot successfully 
complete its business activities. It cannot pay employees, send out bills, order 
new inventory, or produce information to assist managers in decision making. 
Recall that data consists of raw facts, such as employee numbers and sales 
figures. For data to be transformed into useful information, it must first be 
organized in a meaningful way. 

database: A well-designed, A database is a well-designed, organized, and carefully managed col- 

organized, and carefully managed lection of data. Like other components of an information system, a database 

collectionof data: should help an organization achieve its goals. A database can contribute to 
organizational success by providing managers and decision makers with 
timely, accurate, and relevant information built on data. Organizations 
routinely capture and store data about customers, orders, products, and 
employees in databases. These databases help companies analyze infor- 
mation to reduce costs, increase profits, add new customers, track past 
business activities, improve customer service, and identify new market 
opportunities. 

Starbucks collects data from roughly 100 million transactions each week 
from customer purchases at its 29,000 stores worldwide. This data is collected 
and stored in a database where it is used to support many business decisions— 
how much inventory to stock at each store, how many workers to schedule 
based on expected demand, where to open new stores to minimize cannibal- 
ization of sales at nearby stores, and which discounts and rewards to send 
customers to stimulate demand.' 

Databases are becoming ever more important to organizations as they deal 
with rapidly increasing amounts of information. Indeed, most organizations 
have multiple databases (e.g. customer database, product database, employee 
database). 
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data: Raw facts such as an employee 
number or total hours worked in a week. 


information: A collection of data 
organized and processed so that it has 
additional value beyond the value of 
the individual facts. 


knowledge: The awareness and 
understanding of a set of information 
and the ways that information can be 
made useful to support a specific task 
or reach a decision. 


Data, Information, and Knowledge 


Data consists of raw facts, such as an employee number, total hours worked 
in a week, an inventory part number, or the number of units produced on a 
production line. As shown in Table 5.1, several types of data can represent 
these facts. Information is a collection of data organized and processed 
so that it has additional value beyond the value of the individual facts. 
For example, a sales manager may want individual sales data summarized 
so it shows the total sales for the month, sales by salesperson, or sales by 
product line. Providing information to customers can also help companies 
increase revenues and profits. For example, social shopping Web site Kaboo- 
dle brings shoppers and sellers together electronically so they can share 
information and make recommendations while shopping online. The free 
exchange of information stimulates sales and helps ensure shoppers find 
better values. 


TABLE 5.1 Types of data 


Data Represented By 


Alphanumeric data Numbers, letters, and other characters 
Audio data Sounds, noises, or tones 

Image data Graphic images and pictures 

Video data Moving images or pictures 


Another way to appreciate the difference between data and information 
is to think of data as the individual items in a grocery list—crackers, bread, 
soup, cereal, coffee, dishwashing soap, and so on. The grocery list becomes 
much more valuable if the items in the list are arranged in order by the aisle 
in which they are found in the store—bread and cereal in aisle 1, crackers and 
soup in aisle 2, and so on. Data and information work the same way. Rules 
and relationships can be set up to organize data so it becomes useful, valuable 
information. 

The value of the information created depends on the relationships defined 
among existing data. For instance, you could add specific identifiers to the 
items in the list to ensure that the shopper brings home the correct item— 
whole wheat bread and Kashi cereal in aisle 1, saltine crackers and chicken 
noodle soup in aisle 2, and so on. By doing so, you create a more useful 
grocery list. 

Turning data into information is a process or a set of logically related tasks 
performed to achieve a defined outcome. The process of defining relationships 
among data to create useful information requires knowledge, which is the 
awareness and understanding of a set of information and the ways in which 
that information can be made useful to support a specific task or reach a deci- 
sion. In other words, information is essentially data made more useful through 
the application of knowledge. For instance, there are many brands and varieties 
of most items on a typical grocery list. To shop effectively, the grocery shopper 
must have an understanding of the needs and desires of those being shopped 
for so that he knows to purchase one can of Campbell’s (not the store brand!) 
low-sodium chicken noodle soup for the family member who is diabetic along 
with two cans of Campbell’s regular chicken noodle soup for everyone else. 
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In some cases, people organize or process data in a simple three-step pro- 
cess of collect data, organize data, and analyze data. 


The Value of Information 


The value of information is directly linked to how it helps decision makers 
achieve their organization’s goals. Valuable information can help people per- 
form tasks more efficiently and effectively. Many businesses assume that reports 
are based on correct, quality information, but, unfortunately, that is not always 
true. For example, Experian (a global information services firm that provides 
credit services, marketing services, decision analytics, and consumer services) 
estimates that on average, 22 percent of an organization’s customer contact data 
is wrong.” Companies can easily waste over $100 per inaccurate customer con- 
tact data record on things like direct-mail marketing sent to wrong addresses 
and the inability to properly track leads. For an organization with 100,000 
customers and a 22 percent error rate, that projects to a loss of $2.2 million. 
A more recent study reveals that 84 percent of CEO’s are concerned about the 
quality of the data they are basing their decisions on.’ 


Benefits Gained Through Use of High-Quality Data 


Fundamental to the quality of a decision is the quality of the data used to reach 
that decision. Any organization that stresses the use of advanced information 
systems and sophisticated data analysis before data quality is doomed to make 
many wrong decisions. Table 5.2 lists the characteristics that determine the 
quality of data. The importance of each of these characteristics varies depend- 
ing on the situation and the kind of decision you are trying to make. For 
example, with market intelligence data, some inaccuracy and incompleteness 
is acceptable, but timeliness is essential. Market intelligence data may alert 
you that a competitor is about to make a major price cut. The exact details and 
timing of the price cut may not be as important as being warned far enough 
in advance to enable your organization to plan how to react. On the other 
hand, accuracy and completeness are critical for data used in accounting for 
the management of company assets, such as cash, inventory, and equipment. 

High-quality data represents a precious asset of any organization. Not only 
will high-quality data improve decision making, increase customer satisfaction, 
increase sales, improve innovation, improve productivity, but it will also ensure 
that you are fully complying with regulatory requirements that may apply to 
your organization. 


Improve Decision Making 

Data drives all the major decisions in the world today from attending to cus- 
tomer needs to developing strategies for gaining competitive advantage. Without 
high-quality data, any decision we make is based on inference and conjecture 
with little evidence to support good decision making. With high-quality data, 
the guesswork and risk taking in decision making are removed. The better the 
data quality, the more confidence users have in the decisions they make, the 
lower the risk of a poor decision, and the more likely the decision will achieve 
the desired results. 


Increase Customer Satisfaction 


Today customers expect a personalized shopping experience and the better the 
quality of your data, the easier it is to deliver the personalized approach your 
customers require. On the other hand, customer satisfaction with your store, Web 
site, or product will certainly be lower if the data quality is poor. Every customer 
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TABLE 5.2 Nine characteristics of quality information 


Characteristic Definition 


Accessible Information should be easily accessible by authorized users so 
they can obtain it in the right format and at the right time to 
meet their needs. 


Accurate Accurate information is error free. In some cases, inaccurate 
information is generated because inaccurate data is fed into the 
transformation process from data to information. This is com- 
monly called garbage in, garbage out. 


Complete Complete information contains all the important facts. For 
example, an investment report that does not include all import- 
ant costs is not complete. 


Economical Information should also be relatively economical to produce. 
Decision makers must always balance the value of information 
with the cost of producing it. 


Relevant Relevant information is important to the decision maker. 
Information showing that lumber prices might drop is probably 
not relevant to a computer chip manufacturer. 


Reliable Reliable information can be trusted by users. In many cases, the 
reliability of the information depends on the reliability of the 
data-collection method. In other instances, reliability depends 
on the source of the information. A rumor from an unknown 
source that oil prices might go up may not be reliable. 


Secure Information should be secure from access by unauthorized 
users. 
Timely Timely information is delivered when it is needed. Knowing 


last week’s weather conditions will not help when trying to 
decide what coat to wear today. 


Verifiable Information should be verifiable. This means that you can 
check it to make sure it is correct, perhaps by checking many 
sources for the same information. 


wants to pay a fair, correct price for the product they want without experiencing 
issues that bad data could cause. Customers become quite upset when there are 
billing errors in their statements even if the amount is relatively small. Customer 
ill will is created whether the billing errors were intentional or not. 


Increase Sales 


High-quality data can increase sales by enabling more accurate consumer tar- 
geting and communications. This is especially important in an omnichannel 
environment where an organization is using the same business strategy across 
all marketing channels including Internet, brick-and-mortar stores, television, 
radio, and direct mail. It is essential that a database of high-quality data about 
customers, products, prices, promotions, and so on be available across all 
channels. 

High-quality data can also increase sales by enabling salespeople to make 
successful up-sell and cross-sell suggestions. Cross-selling involves inviting 
customers to purchase an item related to what they are primarily interested 
in. Up-selling involves encouraging customers to buy a comparable, but 
higher-end product. Salesperson suggestions for a cross-sell or upsell that’s 
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entity: A person, place, or thing for 
which data is collected, stored, and 
maintained. 


file: A collection of similar entities. 


attribute: A characteristic of an 
entity. 


domain: The range of allowable 
values for a data attribute. 
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completely out of left field will not only frustrate customers—they could 
endanger their relationship with your company. Salespeople need high-qual- 
ity data about the customer and all their interactions with your organization 
to ensure that their suggestions are consistent with the customer’s needs and 
circumstances. 


Improve Innovation 


High-quality data on the operations of the business is the primary ingredient 
of any process improvement effort. Such efforts are often aimed at improving 
worker efficiency, product and/or service quality, or the customer experience. 
Successful innovation improves the business outlook and attracts new business 
while enhancing the ability to retain existing clients and customers. Organiza- 
tions that can use their data assets to drive critical business innovations will 
gain a distinct advantage in the years to come. 


Raise Productivity 

Good quality data enables employees to be more productive. Instead of spend- 
ing time researching the reasons for and correcting data errors, they can focus 
on their core mission. Should bad data slip through and update the information 
in a database, it may result in actions that require considerable effort to correct 
(e.g. incorrect bills sent to customers, inaccurate inventory counts resulting in 
unnecessary purchase orders, etc.). 


Ensure Compliance 


There are several governmental and industry regulations such as General Data 
Protection Regulation (GDPR), Health Insurance Portability and Accountability 
Act (HIPAA), and Payment Card Industry-Data Security Standard (PCI-DSS). 
These regulations and many others place specific requirements on how cer- 
tain types of data are managed, protected, and reported. If the data is not 
accurate, there can be severe consequences, including significant fines and 
more. In the case of a hospital or medical practice, medical coding and bill- 
ing mistakes may trigger audits and investigations. Such mistakes may even 
lead to charges of fraud, forever damaging the reputation of the hospital or 
medical practice. 


The Data Hierarchy 


An entity is a person, place, or thing (object) for which data is collected, 
stored, and maintained. Examples of entities include employees, products, and 
customers. Most organizations organize and store data as collections of entities 
or a file. 

An attribute is a characteristic of an entity. For example, employee num- 
ber, last name, first name, hire date, and department number are attributes for 
an employee. The inventory number, description, number of units on hand, 
and location of the inventory item in the warehouse are attributes for items in 
inventory. Customer number, name, address, phone number, credit rating, and 
contact person are attributes for customers. Attributes are usually selected to 
reflect the relevant characteristics of entities such as employees or customers. 
Each attribute can be constrained to a range of allowable values called its 
domain. For instance, the domain for an attribute such as type of employee 
could be limited to the three characters F (full-time), P (part-time), or C (con- 
tractor). If someone tried to enter a “1” in the type of employee field, the data 
would not be accepted. The domain for pay rate would not include nega- 
tive numbers. In this way, defining a domain can increase data accuracy. The 
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data item: The specific value of an specific value of an attribute, called a data item, can be found in the record 

attribute. describing an entity. The data hierarchy of attribute, entity, file, and database 
is shown in Figure 5.1. Table 5.3 shows a simple database with the Employee 
ID as the primary key for each entity in the database. 


The data hierarchy 


Database 


Attribute 


TABLE 5.3 Keys and attributes 


The key field is the employee id which uniquely identifies each employee. The attributes include employee first name, last name, and 
middle name, hire date, current department, etc. 


Employee ID Last Name First Name Middle Name Hire Date Current Dept Etc. 
041287 Baker James Francis 09/30/2010 215 
051345 Andersen James Scott 01/23/2011 314 
062345 Brown Alison Sarah 03/25/2011 222 
062437 Sanders Joanne Amelia 03/23/2012 215 


Many organizations create databases of attributes and enter data items to 
store data needed to run their day-to-day operations. For instance, database 
technology is an important weapon in the fight against crime and terrorism, as 
discussed in the following examples: 


e The Offshore Leaks Database contains the data about some 680,000 
secretive offshore companies, trusts, and funds created in 200 countries 
around the world. Although creating offshore accounts is legal in most 
countries, offshore accounts are also established to enable individuals 
and organizations to evade paying the taxes they would otherwise owe. 
The database has been used by law enforcement and tax officials to 
identify potential tax evaders.‘ 

e The National Integrated Ballistic Information Network (NIBIN) is man- 
aged by the Bureau of Firearms, Tobacco, Firearms, and Explosives. 

A key element of the network is a database of digital images of spent 
bullets and cartridge cases that were retrieved from crime scenes or test 
fired from weapons found at a crime scene or on a suspect.’ 

e The Global Terrorism Database (GTD) is a database including data 
on over 140,000 terrorist events that occurred around the world. For 
each terrorist event, information is available regarding the date and 
location of the event, the weapons used, the nature of the target, the 
number of casualties, and, when identifiable, the group or individual 
responsible.° 
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record: 
about a specific entity. 


primary key: An attribute or set of 
attributes that uniquely identifies the 


record. 


foreign key: An attribute in one 
table that refers to the primary key in 


another table. 


database approach to data 
management: An approach to 
data management where multiple 
information systems share a pool of 


related data. 


A collection of attributes 
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e Pawnshops are required by law to report their acquisitions to law 
enforcement by providing a description of each item pawned or sold 
along with any identifying numbers, such as a serial number. Leads 
Online is a nationwide online database system that can be used to 
fulfill this reporting responsibility and enable law enforcement officers 
to track merchandise that is sold or pawned in shops throughout the 
nation.’ 


A collection of attributes about a specific entity is a record. A primary 
key is an attribute or set of attributes that uniquely identifies the record. No 
other record can have the same primary key. For an employee record, such as 
the ones shown in Table 5.3, the employee ID is an example of a primary key. 
The primary key is used to distinguish records so that they can be accessed, 
organized, and manipulated. Primary keys ensure that each record in a file is 
unique. For example, eBay assigns an “Item number” as its primary key for 
items to make sure that bids are associated with the correct item. See Figure 5.2. 


Go Buy | Sell | MyeBay | Community | Help ‘© cart 
© , 
Mother's 
DAY 
Welcome! Sign in or register. 


CATEGORIES v ELECTRONICS FASHION MOTORS TICKETS DEALS CLASSIFIEDS 


Parts & Accessories » Cars & Trucks © Motorcycles + MY VEHICLES TIRECENTER LIGHT CENTER 


@ Back to search results | eBay Motors > Cars & Trucks > Chevrolet > Malibu 


Powersports, Boats & More = 
Add to Watch list 


2013 Chevrolet Malibu Eco | Seller info 
Eco Hybrid-electric New 2.4L CD Preferred Equipment Group 1SA AM/FM radio Research 2013 Chevrolet Malibu 
<a (32) 
Kem tarato 100% Positive feedback 
Ask a question 
Save this seller 
Nea ated ice: = us $26,160.00 See other tems 
" = Phone: (888) 468-2047 
TA -v l Pore 
, Other item info 
Í x] Order an independent inspection Item number: 110868309963 
Item condition: New 
Coverage: This vehicle is eligible for up to $50,000 in Vehicle 


Sells to 


Purchase Protection when your transaction is completed Local pick-up only 


online through eBay.To qualify you must be the winning 
bidder on an auction or click the Buy It Now button directly 


on the eBay site.Restrictions Apply. (Not eligible for eBay Buyer Share: E3 W} & | Print | Report item 
Protection) 
FIGURE 5.2 
Primary key 


eBay assigns an item number as a primary key to keep track of each item in its database. 
www.ebay.com 


A foreign key is an attribute in one table that refers to the primary key 
in another table. It serves as a cross-reference enabling the data in the two 
tables to be related. For example, imagine a relational database that includes a 
customer table and an order table. A relationship can be created between the 
tables by including the foreign key customer ID in the order table. Customer 
ID is the primary key of the customer table. The customer ID in the order table 
enables orders to be cross-referenced to customers. 


The Database Approach 


Today most organizations employ the database approach to data management, 
where multiple information systems share a pool of related data. A data- 
base offers the ability to share data and information resources. Federal law 
enforcement databases, for example, often include the results of DNA tests 
as an attribute for convicted criminals. The information can be shared with 
law enforcement officials around the country. Often, distinct yet related data- 
bases are linked to provide enterprise-wide databases. For example, many 
Walgreens stores include in-store medical clinics for customers. Walgreens uses 
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database management system 
(DBMS): A group of programs used 
to access and manage a database as 
well as provide an interface between 
the database and its users and other 
application programs. 


an electronic health records database that stores the information of all patients 
across all its stores. The database provides information about customers’ inter- 
actions with the clinics and pharmacies. 

To use the database approach to data management, additional software—a 
database management system (DBMS)—is required. A database management 
system (DBMS) consists of a group of programs provided by the DBMS sup- 
plier that are used to access and manage a database as well as provide an 
interface between the database and its users and other application programs. A 
DBMS provides a single point of management and control over data resources, 
which can be critical to maintaining the integrity and security of the data. An 
organization’s databases, its DBMS, and the application programs that cre- 
ate and access the databases make up a database environment. Figure 5.3 
illustrates the database approach. 


Database 
management 
system 


Database Interface Application Reports 


programs 


Database approach to data management 
In a database approach to data management, multiple information systems share a pool of 
related data. 


schema: A description that defines 
the logical and physical structure of the 
database by identifying the tables, 

the attributes in each table, and the 
relationships between attributes and 
tables. 


Database Activities 


Databases are used to provide a user view of the database, to add and modify 
data, to store and retrieve data, to manipulate the data and generate reports, to 
provide security management, and to provide database backup and recovery 
services. Each of these activities is discussed in greater detail in the following 
sections. 


Providing a User View 


Because the DBMS is responsible for providing access to a database, one of the 
first steps in installing and using a large relational database involves “telling” 
the DBMS the logical and physical structure of the data and the relationships 
among the data for each user. This description is called a schema (as in a sche- 
matic diagram). In a relational database, the schema defines the tables, the 
attributes in each table, and the relationships between attributes and tables. 
Database management systems, such as Oracle or Access, typically use schemas 
to define the tables and other database features associated with a person or 
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FIGURE 5.4 


Database schema 
represented in a visual 
diagram 


data definition language 
(DDL): A collection of instructions 
and commands used to define and 
describe data and relationships in a 
specific database. 


data dictionary: A detailed 
description of the data stored in the 
database. 
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user. The DBMS can reference a schema to find where to access the requested 
data in relation to another piece of data. A database schema can be represented 
in a visual diagram showing the database objects and their relationship with 
one another, as shown in Figure 5.4. 


Creating and Modifying the Database 

The database schema can also be defined using a data definition language. 
A data definition language (DDL) is a collection of instructions and com- 
mands used to define and describe data and relationships in a specific data- 
base. Table 5.4 shows a simplified example of a DDL used to define a single 
database table. 


TABLE 5-4 Database schema of the student table expressed in DDL 


CREATE TABLE students ( 


student_id INTEGER (9) PRIMARY KEY 
last_name VARCHAR (40) not null 
first_name VARCHAR (20) not null 
middle_name VARCHAR (20) not null 
salutation VARCHAR (8) not null 
date_of_birth DATE not null 
gender INTEGER (1) not null 
address-line1 VARCHAR (30) not null 


and so forth 


); 


Another important step in creating a database is to establish a data 
dictionary, a detailed description of the data stored in the database. Among 
other details, the data dictionary contains the following information for each 
data item: 


Name of the data attribute 

Aliases or other names that may be used to describe the item 
Range of values that can be used (domain) 

Type of data (such as alphanumeric or numeric) 

Number of bytes of storage needed for the item 


A data dictionary is a valuable tool for maintaining an efficient database 
that stores reliable information with no redundancy, and it simplifies the pro- 
cess of modifying the database when necessary. Data dictionaries also help 
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Logical and physical access 
paths 

When an application requests data 
from the dbms, it follows a logical 
access path to the data. When the 
dbms retrieves the data, it follows 
the physical access path to the 
data. 


computer and system programmers who require a detailed description of data 
elements stored in a database to create the code to access the data. 
Adherence to the standards defined in the data dictionary also makes it 
easy to share data among various organizations. For example, The National Syn- 
dromic Surveillance Program (NSSP) is designed to enable the early detection 
of outbreaks resulting from biological terrorism or naturally occurring highly 
contagious diseases. The system enables the Centers for Disease Control and 
Prevention to track the number of people affected, the rate of spread, and the 
rate of mortality. Hopefully, this early warning will enable health professionals 
to mobilize a rapid response and thereby reduce the number of deaths. The 
system’s success depends on the ability to rapidly collect, evaluate, share, and 
store syndromic surveillance data. A data dictionary (current version NSSP v32 
documented at hitps://www.cdc.govu/nssp/biosense/docs/NSSP-Data-Dictionary. 
xlsx) was created to ensure standardization and consistent definition of all key 
elements captured by this system to ensure the easy sharing of high-quality data.’ 


Storing and Retrieving Data 

One function of a DBMS is to be an interface between an application program 
and the database. When an end user, application program, or other software 
needs data from the database, it requests the data through the DBMS. Suppose 
that to calculate the total price of a new car, a pricing program needs price data 
on the engine option—for example, six cylinders instead of the standard four 
cylinders. The application program requests this data from the DBMS. In doing 
so, the application program follows a logical access path (LAP). Next, the DBMS, 
working with various system programs, accesses a storage device, such as a 
disk drive or solid-state storage device (SSD), where the data is stored. When 
the DBMS goes to this storage device to retrieve the data, it follows a path to 
the physical location—physical access path—where the price of this option is 
stored. In the pricing example, the DBMS might go to a disk drive to retrieve 
the price data for six-cylinder engines. This relationship is shown in Figure 5.5. 


Data on 
storage device 


Physical access 
path (PAP) 


DBMS 


Logical access 
path (LAP) 


Management Other Application 
inquiries software programs 


This same process is used if a user wants to get information from the 
database. First, the user requests the data from the DBMS. For example, a user 
might give a command, such as LIST ALL OPTIONS FOR WHICH PRICE IS 
GREATER THAN $200. This is the logical access path. Then, the DBMS might 
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go to the options price section of a disk to get the information for the user. 
This is the physical access path. 

Two or more people or programs attempting to access the same record at 
the same time can cause a problem. For example, an inventory control program 
might attempt to reduce the inventory level for a product by 10 units because 
10 units were just shipped to a customer. At the same time, a purchasing 
program might attempt to increase the inventory level for the same product 
by 200 units because inventory was just received. Without proper database 
control, one of the inventory updates might be incorrect, resulting in an inac- 
curate inventory level for the product. Concurrency control can be used to 
avoid this potential problem. One approach is to lock out all other application 
programs from access to a record if the record is being updated or used by 
another program. 


concurrency control: A method 
of dealing with a situation in which two 
or more users or applications need to 
access the same record at the same 
time. 


Manipulating Data and Generating Reports 

After a DBMS has been installed, employees, managers, and other authorized 
users can use it to review reports and obtain important information. Using a 
DBMS, a company can manage this requirement. Some databases use Query 
by Example (QBE), which is a visual approach to developing database queries 
or requests. With QBE, you can perform queries and other database tasks by 
opening windows and clicking the data or features you want—similar to the 
way you work with Windows and other GUI (graphical user interface) operat- 
ing systems and applications. See Figure 5.6. 


F uey x 
Order Details Orders Order Price Totals 
3 || | ? orderio 
Vw | | | Employee ID | (ha OrderiD 
Order ID | i Customer ID Se Price Total 
Product ID Order Date 
Quantity Shipped Date 
Unit Price Shipper ID Customers 
Discount Ship Name ID a 
Status ID Ship Address Company 
Date Allocated Ship City Last Name 
Purchase Order ID Ship State/Province First Name 
Inventory ID | Ship ZIP/Postal Code E-mail Address 
Ship Country/Region Job Title 
| Shipping Fee Business Phone z = 
4 > 
Field: | Price Total Order Date Customer ID Company Last Name First Name 
Table: | Order Price Totals Orders Orders Customers Customers Customers 
Sort: | Descending v 
Show: ca z w w vi w 
Criteria: | >2000 
or: A Queri 
Order Date -| Customer ~] Company ~ | LastName ~| FirstName ~ 
$13,800.00 | 3/24/2016 Company G CompanyG Xie Ming-Yang 
$13,800.00 3/10/2016 Company BB Company BB Raghav Amritansh 
$4,200.00 4/3/2016 Company F Company F Pérez-Olaeta Francisco 
$3,690.00 4/5/2016 Company | Company | Mortensen Sven 
$ $3,690.00 4/5/2016 Company I Company | Mortensen Sven 
$3,520.00 4/22/2016 Company D CompanyD Lee Christina 
$3,520.00 4/22/2016 Company D CompanyD Lee Christina 
$2,490.00 6/23/2016 Company F Company F Pérez-Olaeta Francisco 
$2,490.00 6/23/2016 Company F Company F Pérez-Olaeta Francisco 
$2,250.00 6/5/2016 Company Z Company Z Liu Run 


FIGURE 5.6 


Query by example 


Some databases use query by example (qbe) to generate reports and information. 
Microsoft product screenshots used with permission from Microsoft Corporation 


In other cases, database commands can be used in a programming lan- 
guage. For example, commands written in the C++ programming language can 
be used in simple programs that will access or manipulate certain pieces of 
data in the database. Here’s another example of a DBMS query: 

SELECT * FROM EMPLOYEE WHERE JOB_CLASSIFICATION=“C2.” 
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The asterisk (*) tells the program to include all columns from the EMPLOYEE 
table. In general, the commands that are used to manipulate the database are 
data manipulation language part of the data manipulation language (DML). This specific language, pro- 
(DML): A specific language, provided vided with the DBMS, allows managers and other database users to access and 
Wiha DEMS, WNICNANOWS users 10 modify the data, to make queries, and to generate reports. Again, the applica- 
access and modify the data, to make y : 
queries, and to generate reports. tion programs go through schemas and the DBMS before getting to the data 
stored on a device such as a disk. 
After a database has been set up and loaded with data, it can produce 
desired reports, documents, and other outputs such as that shown in Table 5.5. 
These outputs usually appear in screen displays or on hard copy printouts. The 
output-control features of a database program allow a user to select the records 
and fields that will appear in a report. Formatting controls and organization 
options (such as report headings) help users customize reports and create 
flexible, convenient, and powerful information-handling tools. 


TABLE 5.5 Sample report ten largest orders for 2020 


# Invoice # Order Date Company Salesperson Sales Amount 
1 102345 3/12/2020 Acme Plumbing Davis $132,432 
2 104256 6/12/2020 Joiner Appliances Kohl $122,567 
3 100345 5/4/2020 Smith Bros Ruberg $120,432 
4 104557 7/3/2020 City-Wide Appliances Brown $109,356 
5) 103678 5/21/2020 Joiner Appliances Kohl $100,452 
6 104125 6/7/2020 Acme Plumbing Davis $100,234 
y 104892 8/2/2020 Smith Bros Davis $ 97,179 
8 103885 6/22/2020 City-Wide Appliances Brown $ 95,234 
9 105894 9/30/2020 Joiner Appliances Kohl $ 92,341 
10 102634 4/1/2020 Smith Bros Ruberg $ 90,007 


A DBMS can produce a wide variety of documents, reports, and other out- 
put that can help organizations make decisions and achieve their goals. Often, 
organizations have standard reports that are run on a regular basis. The most 
common reports select and organize data to present summary information 
about some aspect of company operations. For example, accounting reports 
often summarize financial data such as current and past due accounts. Many 
companies base their routine operating decisions on regular status reports that 
show the progress of specific orders toward completion and delivery. 


Security Management 

The DBMS security management function helps ensure that data are protected 
against access by unauthorized users, physical damage, operating system fail- 
ure, and simultaneous updating of the same data by multiple users. An espe- 
cially powerful feature of the DBMS security function is the capability to define 
and enforce user access privileges that control who can access what data and 
what they can do with that data (e.g. read only, add/delete/change the data). 
Good security practices recommend that users are granted the minimum priv- 
ileges to do their jobs. For example, an entry level payment clerk from the 
accounts payable function should not be given the ability to modify the pay- 
ment amount or the payee to avoid potential fraud. However, this privilege may 
be granted to the accounts payable supervisor. The DBMS security functions are 
generally planned, implemented, and maintained by a database administrator 
and/or other information security professional. 
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data cleansing: The process 

of detecting and then correcting 

or deleting incomplete, incorrect, 
inaccurate, or irrelevant records that 
reside in a database. 
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Backup and Recovery 


The DBMS also provides backup and recovery services. For example, if there is 
a power outage, recovery management enables the database to be brought back 
up safely and without loss of data following the outage. Backup management 
refers to making backup copies of all or portions of the database. In the event 
the database is lost, damaged, or destroyed, the backup copies can be used to 
restore the database. 


Data Cleansing 


Data used in decision making must be accurate, complete, economical, flex- 
ible, reliable, relevant, simple, timely, verifiable, accessible, and secure. Data 
cleansing is the process of detecting and then correcting or deleting incom- 
plete, incorrect, inaccurate, or irrelevant records that reside in a database. The 
goal of data cleansing is to improve the quality of the data used in decision 
making. The “bad data” may have been caused by user data-entry errors or by 
data corruption during data transmission or storage. Data cleansing is different 
from data validation, which involves the identification of “bad data” and its 
rejection at the time of data entry. 

One data cleansing solution is to identify and correct data by cross-checking 
it against a validated data set. For example, street number, street name, city, 
state, and zip code entries in an organization’s database may be cross-checked 
against the United States Postal Zip Code database. Data cleansing may also 
involve standardization of data, such as the conversion of various possible 
abbreviations (St., St, st., st) to one standard name (Street). 

Data enhancement augments the data in a database by adding related 
information—such as using the zip code information for a given record to 
append the county code or census tract code. The cost of performing data 
cleansing can be quite high. It is prohibitively expensive to eliminate all “bad 
data” to achieve 100 percent database accuracy. 


Database Design 


Because today’s organizations must keep track of and analyze so much data, it 
is necessary to keep the data well organized so that it can be used effectively. 
A database should be designed to store all data relevant to the business and 
to provide quick access and easy modification. Moreover, it must reflect the 
business processes of the organization. When designing a database, an organi- 
zation must carefully consider the following questions: 


e Content. What data should be collected and at what cost? 

e Access. What data should be provided to which users and when? 

e Logical structure. How should data be arranged so that it makes sense 
to a given user? 

e Physical organization. Where should data be physically located? 

e Response time. How quickly must the data be updated and retrieved so 
it can be viewed by the users? 

e Archiving. How long must this data be stored? 

e Security. How can this data be protected from unauthorized access? 


One of the tools use to design a database is the data model. Data mod- 
elling is commonly done either at the organizational level or at the level of 
a specific business application. When done at the organizational level, this 
procedure is called enterprise data modelling. Enterprise data modelling is an 
approach that starts by investigating the general data and information needs 
of the organization at the strategic level and then moves on to examine more 
specific data and information needs for the functional areas and departments 
within the organization. 
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enterprise data model: A data 
model that identifies the data entities 
and data attributes of greatest interest 
to the organization along with their 
associated standard data definitions, 
data length and format, domain of valid 
values, and any business rules for 
their use. 


FIGURE 5.7 
Enterprise data model 
The enterprise data model provides 
a roadmap for building database 
and information systems. 


The enterprise data model identifies the data entities and data attributes 
of greatest interest to the organization along with their associated standard data 
definitions, data length and format, domain of valid values, and any business 
rules for their use (e.g. if product type is 123, then days to ship must be greater 
than 5). The enterprise data model as shown in Figure 5.7 is a valuable resource 
with the following benefits: 


e Provides a roadmap of the organization’s current and future data that 
serves as an initial starting point for the development of new applica- 
tions that will be able to integrate and exchange data. 

e Avoids costly and inefficient data redundancy where the same data 
entities or data attributes are captured in more than one application or 
stored in more than one database. 

e Identifies gaps in the data needed to support the organization so that 
plans can be made to capture or acquire the needed data. 

e Provides a benchmark against which to evaluate the extent to which a 
vendor’s software package meets the organization’s data needs. 


Occasionally, an organization will purchase an industry-standard enterprise 
model for their industry from a vendor or industry group. For example, the 
IBM Healthcare Provider Data Model is an enterprise data model that can be 
adopted by a healthcare provider organization to organize and integrate clin- 
ical, research, operational, and financial data.’ At one time, the University of 
North Carolina Health Care System had a smorgasbord of information system 
hardware and software that made it difficult to integrate data from its existing 
legacy systems. The organization used the IBM Healthcare Provider Data Model 
to guide its efforts to simplify its information system environment and improve 
the integration of its data. As a result, it was able to eliminate its dependency 
on outdated technologies, build an environment that supports efficient data 
management, and integrate data from its legacy systems to create a source of 
data to support future data analysis requirements.'° 


The enterprise 


Enables capture of business opportunities 
Increases business effectiveness 
Reduces costs 


Systems and data 


Enables simpler system interfaces 
Reduces data redundancy 
Ensures compatible data 


Data model 
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entity-relationship (ER) 
diagram: A data model that uses 
basic graphical symbols to show the 
organization of and relationships 
between data. 


Entity-relationship (ER) 


diagram for a customer order 


database 

Development of ER diagrams helps 
ensure that the logical structure of 
application programs is consistent 
with the data relationships in the 
database. 


Critical 
Thinking 
Exercise 
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The entity-relationship (ER) diagram is a data model used to analyze and 
communicate data needs at the individual project or application level using 
graphical symbols to identify data entities and their associated data attributes as 
well as the relationships among the entities of interest. There are many notation 
styles that can be used in drawing an ER diagram. 

ER diagrams ensure that the relationships among the data entities in a 
database are correctly structured so that any application programs developed 
are consistent with business operations and user needs. In addition, ER dia- 
grams can serve as reference documents after a database is in use. If changes 
are made to the database, ER diagrams help design them. Figure 5.8 shows an 
ER diagram for an order database for a specific organization. In this database 
design, one salesperson serves many customers. This is an example of a one-to- 
many relationship, as indicated by the one-to-many symbol (the “crow’s-foot”) 
shown in the figure. The ER diagram also shows that each customer can place 
one-to-many orders, that each order includes one-to-many line items, and that 
many line items can specify the same product (a many-to-one relationship). 
This database can also have one-to-one relationships. For example, one order 
generates one invoice. 


Salesperson 


Serves 


LN 


Places 


Specifies 


Generates 


Invoice 


Cleansing the Customer Relationship Management Database 
™ DECISION MAKING 


Several sales and marketing managers are requesting a data cleansing operation on 
the Customer Relationship Management (CRM) database. This is a critical database 
for the organization that stores and manages prospect and customer data like contact 
data and account activity including purchases, interactions with the organization, 
and responses to previous marketing initiatives. It also captures and stores data 
about sales leads and sales opportunities. Members of the sales and marketing 
functions want the records of all customers who have not purchased any of your 
products in the past six months to be purged from the database. Similarly, all leads 
who have not responded to any marketing initiative in the past six months should be 
purged. They also want all leads and customers with invalid email addresses deleted. 


Review Questions 


1. What else is involved in data cleansing besides purging records considered no 
longer necessary? 
2. Which of the fundamental database design questions needs to be reviewed? 
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Critical Thinking Questions 


1. Identify three or four data attributes that may need to be updated and/or cor- 
rected in the CRM database. 

2. Is it possible that the data cleansing requested could result in the loss of valu- 
able data? Explain your answer. 


Relational Databases 


relational database model: A The relational database model is a simple but highly useful way to organize 
simple but highly usetul way to data into collections of two-dimensional tables called relations, as shown in 


organize data into collections of two- j a fre 
dimensional bles called fèlations: Figure 5.9. A relational database has six fundamental characteristics: 


1. Data is organized into collections of two-dimensional tables called relations. 

2. Each row in the table represents an entity and each column represents an 
attribute of that entity. 

3. Each row in a table is uniquely identified by a primary key. 

4. The type of data a table column can contain can be specified as integer number, 
decimal number, date, text, etc. 

5. The data in a table column can be constrained to be of a certain type (inte- 
ger, decimal number, data, character, etc.), a certain length, or to have a value 
between two limits. 

6. Primary and foreign keys enable relationships between the tables to be defined. 

7. User queries are used to perform operations on the database like adding, 
changing, or deleting data and selecting, projecting, and joining existing data 
in existing tables. 


Data Table 1: Project Table 


Data Table 2: Department Table 


257 Accounting 005-10-6321 
632 Manufacturing | 549-77-1001 
598 Marketing 098-40-1370 


Relational database model 
In the relational model, data is 
placed in two-dimensional tables, or 


Data Table 3: Manager Table 


relations. As long as they share at 005-10-6321 Johns Francine 10-07-2013 257 
least one common attribute, these 

relations can be linked to provide 549-77-1001 Buckley Bill 02-17-1995 632 
output useful information. In this 

example, all three tables include the 098-40-1370 Fiske Steven 01-05-2001 598 


dept. number attribute. 
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selecting: Manipulating data to 
eliminate rows according to certain 
criteria. 


projecting: Manipulating data to 
eliminate columns in a table. 


joining: The combining of two or 
more tables through common data 
attributes to form a new table with only 
the unique data attributes. 


ER diagram 

This diagram shows the relationship 
among the manager, department, 
and project tables. 
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Manipulating Data in a Relational Database 


After entering data into a relational database, users can make inquiries and 
analyze the data. Basic data manipulations include selecting, projecting, and 
joining. 

Selecting involves eliminating rows according to certain criteria. Suppose 
the department manager of a company wants to use a project table that contains 
the project number, description, and department number for all projects a com- 
pany is performing. The department manager might want to find the department 
number for Project 226, a sales manual project. Using selection, the manager can 
eliminate all rows except the one for Project 226 and see that the department 
number for the department completing the sales manual project is 598. 

Projecting involves eliminating columns in a table. For example, a depart- 
ment table might contain the department number, department name, and Social 
Security number (SSN) of the manager in charge of the project. A sales manager 
might want to create a new table that contains only the department number 
and the Social Security number of the manager in charge of the sales manual 
project. The sales manager can use projection to eliminate the department 
name column and create a new table containing only the department number 
and Social Security number. 

As long as the tables share at least one common data attribute, the tables in 
a relational database can be linked to provide useful information and reports. 
Joining is the combining of two or more tables through common data attri- 
butes to form a new table with only the unique data attributes. It is one of the 
keys to the flexibility and power of relational databases. Suppose the president 
of a company wants to find out the name of the manager of the sales manual 
project as well as the length of time the manager has been with the company. 
Assume that the company has Manager, Department, and Project tables, as 
shown in Figure 5.10. 


Supervises 


LN 


Performs 


LN 


Note the crow’s-foot by the Project table. This symbol indicates that a 
department can have many projects. The manager would make the inquiry 
to the database, perhaps via a laptop computer. The DBMS would start with 
the project description and search the Project table to find out the project’s 
department number. It would then use the department number to search the 
Department table for the manager’s Social Security number. The department 
number is also in the Department table and is the common element that links 
the Project table to the Department table. The DBMS uses the manager’s Social 
Security number to search the Manager table for the manager’s hire date. 
The manager’s Social Security number is the common element between the 
Department table and the Manager table. The final result is that the manager’s 
name and hire date are presented to the president as a response to the inquiry. 
Figure 5.11 shows the linking between the Project, Department, and Manager 
tables needed to answer this inquiry. 
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Data Table 1: Project Table 


Payroll 


498 Widgets 632 


LA 


Data Table 2: Department Table 


257 Accounting | 005-10-6321 


632 Manufacturing | 549-77-1001 


598 Marketing 098-40-1370 


[| 


Data Table 3: Manager Table 


SSN Last name First name Hire date Dept. number 
005-10-6321 Johns Francine 10-07-2013 257 
549-77-1001 Buckley Bill 02-17-1995 632 


098-40-1370 Steven 01-05-2001 598 


Linking data tables to answer an inquiry 

To find the name and hire date of the manager working on the sales manual 
project, the president needs three tables: project, department, and manager. 
The project description (sales manual) leads to the department number (598) 
in the project table, which leads to the manager's social security number 
(098-40-1370) in the department table, which leads to the manager's last name 
(fiske) and hire date (01-05-2001) in the manager table. 


One of the primary advantages of a relational database is that it allows 
tables to be linked, as shown in Figure 5.11. This linkage reduces data redun- 
dancy and allows data to be organized more logically. The ability to link to the 
manager’s Social Security number stored once in the Manager table eliminates 
the need to store it multiple times in the Project table. 

The relational database model is widely used. It is easier to control, more 
flexible, and more intuitive than other approaches because it organizes data 
in tables. As shown in Figure 5.12, a relational database management system, 
such as Microsoft Access, can be used to store data in rows and columns. In 
this figure, hyperlink tools available on the ribbon/toolbar can be used to 
create, edit, and manipulate the database. The ability to link relational tables 
also allows users to relate data in new ways without having to redefine com- 
plex relationships. Because of the advantages of the relational model, many 
companies use it for large corporate databases, such as those for marketing 
and accounting. 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


Views 
=] Home 


ma 


Active Orders 


80 New 


Navigation Pane 


Double-click to go to details 


Clipboard 


“a>. Northwind Traders 


Status ~ 
81 New 


E Andrew Cencini 


CHAPTER 5 @ Database Systems and Data Management 191 
H< real FORMTOOLS Northwind Pom A se 
HOME CREATE EXTERNAL DATA DATABASE TOOLS DATASHEET edl a 3 
= Cut 8| Ascending Yf Selection + TO Š na > Totals Rep Calibri ‘jn 
Za Copy Y Zl Descending YZJ Advanced + [a B peling itt >GoTor BIU s+ | E. 
View Pa Filter Refresh Find — 
3 Y Format Painter Remove Sort Y Toggle Filter ay- 2X Delete - E More+ Ñ Seet A ~ 2- === a- 


& Sort & Filter Records Text Formatting T 


plx >? 


Inventory to Reorder Quick Links 
Date + | Customer ~ Product + | Qty Available ~ Reorder Level ~ |+ 
x f View Inventory 

4/25/2016 CompanyC | | Northwind Traders Boysenberry Spread o z3 

4/25/2016 Company D Northwind Traders Dried Pears 0 10 sanean 
Northwind Traders Curry Sauce 0 10 View Customers 
Northwind Traders Fruit Cocktail 0 10 View Purchase Orders 
Northwind Traders Scones 0 5 View Suppliers 
Northwind Traders Beer 0 15 ENT NA 
Northwind Traders Clam Chowder 0 10 
Northwind Traders Chocolate 0 25 VORES 
Northwind Traders Gnocchi 10) 30/~| | Sales Reports 


FIGURE 5.12 
Building and modifying a relational database 
Relational databases provide many tools, tips, and shortcuts to simplify the process of creating and modify- 


ing a database. 


data normalization: The process 
of organizing the data in a relational 
database to eliminate data redundancy 
(all data is stored in only one place) 
and ensure data dependencies make 
sense (only storing related data in a 
table). 


SQL: A special-purpose programing 
language for accessing and 
manipulating data stored in a relational 
database. 


ACID properties: Properties 
(atomicity, consistency, isolation, 
durability) that guarantee relational 
database transactions are processed 
reliably and ensure the integrity of data 
in the database. 


Databases based on the relational model include Oracle, IBM DB2, Micro- 
soft SQL Server, Microsoft Access, MySQL, Sybase, and others. The relational 
database model has been an outstanding success and is dominant in the com- 
mercial world today, although many organizations are beginning to use new 
nonrelational models to meet some of their business needs. 

Data normalization is the process of organizing the data in a relational 
database to eliminate data redundancy (all data is stored in only one place) 
and ensure data dependencies make sense (only storing related data in a table). 
Data normalization is a rigorous multi-step process that ensures that relational 
databases take up minimal storage space, resulting in improved database per- 
formance. This involves dividing a relational database into two or more tables 
and defining relationships between the tables. Data normalization also isolates 
data so that additions, deletions, and modifications of an attribute can be 
made in just one table and then propagated through the rest of the database 
via the defined relationships. This simplifies database maintenance as various 
attributes change. 


SQL Databases 


SQL is a special-purpose programming language for accessing and manipulat- 
ing data stored in a relational database. SQL was originally defined by Donald 
D. Chamberlin and Raymond Boyce of the IBM Research Center and described 
in their paper “SEQUEL: A Structured English Query Language,” published in 
1974. Their work was based on the relational database model described by 
Edgar F. Codd in his ground-breaking paper from 1970, “A Relational Model of 
Data for Large Shared Data Banks.” It presented a set of thirteen database man- 
agement system rules he considered as the prerequisites to consider a database 
management system a relational database management system. 

SQL databases conform to ACID properties (atomicity, consistency, isola- 
tion, durability), which were defined by Jim Gray soon after Codd’s work was 
published. These properties guarantee database transactions are processed reli- 
ably and ensure the integrity of data in the database. Basically, these principles 
mean that data is broken down to atomic values—that is, values that have no 
component parts—such as employee_ID, last_name, first_name, address_line_1, 
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address_line_2, and city. The data in these atomic values remains consistent 
across the database. The data is isolated from other transactions until the cur- 
rent transaction is finished, and it is durable in the sense that the data should 
never be lost.” 

SQL databases rely upon concurrency control by locking database records 
to ensure that other transactions do not modify the database until the first 
transaction succeeds or fails. As a result, 100 percent ACID-compliant SQL 
databases can suffer from slow performance. 

In 1986, the American National Standards Institute (ANSD adopted SQL as 
the standard query language for relational databases. Since ANSI’s acceptance 
of SQL, interest in making SQL an integral part of relational databases on both 
mainframe and personal computers has increased. SQL has many built-in func- 
tions, such as average (AVG), the largest value (MAX), and the smallest value 
(MIN). Table 5.6 contains examples of SQL commands. 


TABLE 5.6 Examples of SQL commands 


SQL Command Description 


SELECT ClientName, Debt This query displays clients (ClientName) and the amount they owe the company 
FROM Client WHERE Debt > (Debt) from a database table called Client; the query would only display clients who 
1000 owe the company more than $1,000 (WHERE Debt > 1000). 

SELECT ClientName, This command is an example of a join command that combines data from two tables: 
ClientNum, OrderNum FROM the Client table and the Order table (FROM Client, Order). The command creates a 
Client, Order WHERE Client. new table with the client name, client number, and order number (SELECT Client- 
ClientNum=Order.ClientNum Name, ClientNum, OrderNum). Both tables include the client number, which allows 


them to be joined. This ability is indicated in the WHERE clause, which states that the 
client number in the Client table is the same as (equal to) the client number in the 
Order table (WHERE Client.ClientNum=Order.ClientNum). 


GRANT INSERT ON Client to This command is an example of a security command. It allows Bob Guthrie to insert 
Guthrie new values or rows into the Client table. 


SQL allows programmers to learn one powerful query language and use it 
on systems ranging from PCs to the largest mainframe computers. See Figure 
5.13. Programmers and database users also find SQL valuable because SQL 
statements can be embedded into many programming languages, such as the 
widely used C++ and Java. Because SQL uses standardized and simplified pro- 
cedures for retrieving, storing, and manipulating data, many programmers find 
it easy to understand and use—hence, its popularity. 


Popular Relational Database Management Systems 


Many popular database management systems address a wide range of indi- 
vidual, workgroup, and enterprise needs as shown in Table 5.7. The complete 
DBMS market encompasses software used by people ranging from nontech- 
nical individuals to highly trained, professional programmers and runs on all 
types of computers from tablets to supercomputers. The entire market gener- 
ates billions of dollars per year in revenue for companies such as IBM, Oracle, 
and Microsoft. 

Selecting a DBMS begins by analyzing the information needs of the organi- 
zation. Important characteristics of databases include the size of the database, 
the number of concurrent users, the performance demanded of the database, 
the ability of the DBMS to be integrated with other systems, the features of the 
DBMS, the vendor considerations, and the cost of the database management 
system. 
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FIGURE 5.13 
Structured Query Language (SQL) 
SQL has become an integral part of most relational databases, as shown by this example from microsoft 


access 2016. 
Microsoft product screenshots used with permission from Microsoft Corporation 


TABLE 5.7 Popular database management systems 


Open-Source Relational DBMS 


Relational DBMS for Individuals 


Deind Cenit O Stute 
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Relational DBMS for Workgroups 


MySQL 
PostgreSQL 
MariaDB 
SQL Lite 
CouchDB 
MongoDB 


database as a service 

(DAAS): An arrangement where 

the database is stored on a service 
provider's servers and accessed by 
the service subscriber over a network, 
typically the Internet, with the database 
administration handled by the service 
provider. 


and Workgroups 
Microsoft Access 
IBM Lotus Approach 
Google Base 
OpenOffice Base 
Airtable 

Knack 


and Enterprise 

Oracle 

IBM DB2 

Sybase Adaptive Server 
Teradata 

Microsoft SQL Server 


Progress OpenEdge 


Zillow.com is an online real estate community where homeowners, buyers, 
sellers, and real estate agents can see what homes are worth, what’s for sale, 
and what local experts have to say about real estate and individual homes. 
Zillow needed a reliable database that would enable it to quickly process and 
manage massive amounts of data. Zillow chose MySQL Cluster, a special high 
availability version of the open-source relational database MySQL.” 

With database as a service (DAAS), the database is stored on a service 
provider’s servers and accessed by the service subscriber over the Internet, with 
the database administration handled by the service provider. The big advantage 
of DaaS is that it eliminates the installation, maintenance, and monitoring of 
in-house databases thus reducing hardware, software, and staffing related costs. 
In addition, the service provider can allocate more or less database storage 
capacity based on an individual customer’s changing needs. Customers must 
depend on the service provider to provide system backup capabilities and to 
protect customer data from unauthorized access. More than a dozen companies 
are now offering DaaS services including Amazon, Clustrix, Google, Heroku, 
IBM, Microsoft, MongoDB, and Oracle. Amazon Relational Database Service 
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Critical 
Thinking 
Exercise 


Data Management 


(Amazon RDS) is a DaaS that enables organizations to set up and operate their 
choice of a MySQL, Microsoft SQL, Oracle, or PostgreSQL relational database 
in the cloud. The service automatically backs up the database and stores those 
backups based on a user-defined retention period. 

Airbnb is an online marketplace that enables people to obtain short-term 
lodging including vacation rentals, apartment rentals, homestays, hostel beds, 
or hotel rooms in more than 65,000 cities and 191 countries.” The company 
employs Amazon Web Services (AWS) to enable it to support the rapid growth 
in the number of its users without having to devote constant time and effort 
to organize and configure its information systems infrastructure. This includes 
the ability to process and analyze some 50 gigabytes of data daily and store 
over 10 terabytes of user pictures." 


Database to Support Film Festival 
æ DECISION MAKING 


You are a member of the Palm Springs Convention and Visitors bureau. The city 
holds a film festival each spring that draws nearly 150,000 including film industry 
celebrities and film makers. The festival provides a great opportunity for visitors to 
get a preview of over 100 films over a two-week period. Participants can also elect 
to attend special opening and closing night events. 

This year, there is a desire to capture data about the visitors and their partic- 
ipation in the festival as well as feedback captured on comment cards submitted 
by viewers of each film. The data would be used for many purposes. A primary 
goal is to decide which films and filmmakers are most popular so that the film 
studios can prepare appropriate marketing campaigns. Another goal is to capture 
visitors’ contact information, so they can be mailed a reminder to register for next 
year’s festival several weeks in advance. The filmmakers would also like to use the 
visitors’ contact information to send them a letter of appreciation for viewing their 
film and incentives to encourage them to tell their friends about it. You have been 
asked to lead an effort to develop a simple relational database to meet these needs. 


Review Questions 


1. What key questions need to be answered to begin the design of this database? 

2. The Convention and Visitor’s bureau employs the Microsoft Office 365 personal 
productivity software. You are proficient with Excel and are thinking of creating 
a series of Excel spreadsheets with the necessary data to meet these needs. Is 
this the way to go? Why or why not? 


Critical Thinking Questions 


1. Identify three tables that are needed to capture the data required to support the 
identified needs. Identify a primary key and at least 2 or 3 additional attributes 
for each table. 

2. At what stage of this project should you get other stakeholders involved? Why 


might this be necessary? 


Data management is an integrated set of functions that defines the processes 
by which data is obtained, certified fit for use, stored, secured, and processed 
in such a way as to ensure that the accessibility, reliability, and timeliness of 
the data meet the needs of the data users within an organization. The Data 
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data management: An integrated 
set of functions that defines the 
processes by which data is obtained, 
certified fit for use, stored, secured, 
and processed in such a way as to 
ensure that the accessibility, reliability, 
and timeliness of the data meet the 
needs of the data users within an 
organization. 


Data management 

The data management association 
(dama) international has identified 
basic functions associated with 
data management. 

Source: “Body of Knowledge,” DMA 
International, httos://www.dama.org/ 
content/body-knowledge. Copyright DMA 
International. 


data governance: The core 
component of data management; it 
defines the roles, responsibilities, 

and processes for ensuring that data 
can be trusted and used by the entire 
organization, with people identified and 
in place who are responsible for fixing 
and preventing issues with data. 
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Management Association (DAMA) International is a nonprofit, vendor-indepen- 
dent, international association whose members promote the understanding, 
development, and practice of managing data as an essential enterprise asset. 
This organization has identified the major functions of data management, as 
shown in Figure 5.14. 


Data 


Governance 


Data governance is the core component of data management; it defines 
the roles, responsibilities, and processes for ensuring that data can be trusted 
and used by the entire organization, with people identified and in place who 
are responsible for fixing and preventing issues with data. 

The need for data management is driven by a variety of factors, including 
the need to meet external regulations designed to manage risk associated with 
the misstatement of financial data, the need to avoid the accidental release of 
sensitive data, and the need to ensure that key business decisions are made 
using high-quality data. Haphazard or incomplete business processes and con- 
trols simply will not meet these requirements. Rigorous management processes 
are needed to govern data. 

Effective data governance requires business leadership and active partici- 
pation and is an effort best led by business managers and not the information 
system organization. The data governance team should be a cross-functional 
and multilevel team, consisting of executives, project managers, line-of-business 
managers, and IS managers drawn from various areas of the business. The 
use of a cross-functional team is recommended because data and information 
systems are used by many different departments and no one individual has a 
complete view of the organization’s data needs. 

The data governance team develops a policy that specifies who is account- 
able for various portions or aspects of the data, including its accuracy, acces- 
sibility, consistency, completeness, updating, and archiving. The team defines 
processes for how the data is to be stored, archived, backed up, and protected 
from cyberattacks, inadvertent destruction or disclosure, or theft. It develops 
standards and procedures that define who is authorized to update, access, and 
use the data. The team also puts in place a set of controls and audit procedures 
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database administrator 

(DBA): A skilled and trained IS 
professional who holds discussions 
with business users to define their data 
needs; applies database programming 
languages to craft a set of databases 
to meet those needs; tests and 
evaluates databases; implements 
changes to improve the performance 
of databases; and assures that data is 
secure from unauthorized access. 


Database administrator 

The role of the database administra- 
tor (DBA) is to plan, design, create, 

operate, secure, monitor, and main- 
tain databases. 


data steward: An individual 
responsible for the management 

of critical data elements, including 
identifying and acquiring new data 
sources; creating and maintaining 
consistent reference data and master 
data definitions; and analyzing data for 
quality and reconciling data issues. 


data lifecycle management 
(DLM): A policy-based approach to 
managing the flow of an enterprise’s 
data, from its initial acquisition or 
creation and storage to the time when 
it becomes outdated and is deleted. 


to ensure ongoing compliance with organizational data policies and govern- 
ment regulations. Two key members of the data governance team are the data- 
base administrator and data stewards. 

A database administrator (DBA) is a skilled and trained IS professional 
who holds discussions with business users to define their data needs; applies 
database programming languages to craft a set of databases to meet those 
needs; tests and evaluates databases; monitors their performance and imple- 
ments change to improve response time for user queries; and assures that data 
is secure from unauthorized access. Database systems require a skilled database 
administrator (DBA), who must have a clear understanding of the fundamental 
business of the organization, be proficient in the use of selected database man- 
agement systems, and stay abreast of emerging technologies and new design 
approaches. Typically, a DBA has a degree in computer science or management 
information systems and some on-the-job training with a particular database 
management system product or more extensive experience with a range of 
database products. See Figure 5.15. 


iStock.com/Clerkenwell_Images 


An important responsibility of a DBA is to protect the database from attack 
or other forms of failure. DBAs use security software, preventive measures, and 
redundant systems to keep data safe and accessible. Despite the best efforts of 
DBAs, database security breaches are all too common. For example, 143 million 
American consumers had their sensitive personal information (name, address, 
birth date, social security number) exposed in a 2017 data breach at Equifax, 
one of the nation’s three leading credit bureaus.” 

The data steward is typically a non-IS employee who takes responsi- 
bility for the management of critical data entities or attributes. This includes 
identifying and acquiring new data sources to obtain the desired data entity 
or attribute; creating and maintaining consistent reference data and master 
data definitions; analyzing data for quality, and reconciling data issues. Data 
users consult with a data steward when they need to know what data to use 
to answer a business question, or to confirm the accuracy, completeness, or 
soundness of data within a business context. Data stewards advise and guide 
users and help them get the most value out of the enterprise data warehouse. 

Data lifecycle management (DLM) is a policy-based approach to man- 
aging the flow of an enterprise’s data, from its initial acquisition or creation 
and storage to the time when it becomes outdated and is deleted. See Figure 
5.16. Several vendors offer software products to support DLM such as the IBM 
Information Lifecycle Governance suite of software products. 
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The data life cycle 

A policy-based approach to manag- 
ing the flow of an enterprise's data, 
from its initial acquisition or creation 
and storage to the time when it 
becomes outdated and is deleted. 


Critical 
Thinking 
Exercise 


Abert/Shutterstock.com 
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Define data 
needs 


Archive : Evaluate alternate 
or discard 7 sources 


Data Acquire 


Evaluate Lifecycle data 


Access 


Store data 
and use 


Publish data 
descriptions 


Initiating a Data Management Program 
æ DECISION MAKING 


You are a second-level manager in the Finance department of a mid-sized man- 
ufacturing firm that has implemented employee, customer, product, order, and 
supplier databases. The databases all run on an Oracle database management 
system installed on a server owned and managed by your firm’s small IT organiza- 
tion. Recently you have been receiving a number of complaints from users of the 
database about extremely slow response time to their queries and report requests. 
Management has asked you to prepare a set of proposed solutions. 


Review Questions 


1. What advantages might be gained from moving to a database as a service 
environment? 
2. Can you think of any possible disadvantages to this approach? 


Critical Thinking Questions 


1. What additional questions need to be answered before you can decide if the 
database as a service approach is right for your firm? 
2. How might such a move affect you and your role? 
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Principle: 


A well-designed and well-managed database is an extremely valuable tool 
in supporting decision making. 

A database is a well-designed, organized, and carefully managed collection 
of data. 

Data consists of raw facts; information is a collection of data organized and 
processed so that it has additional value beyond the value of the individual 
facts. Turning data into information is a process performed to achieve a defined 
outcome. This process requires knowledge, which is the awareness and under- 
standing of a set of information and the ways in which that information can be 
made useful to support a specific task or reach a decision. 

Quality data has nine characteristics. It can be accessible, accurate, com- 
plete, economical to produce, relevant, reliable, secure, timely, and verifiable. 
The importance of each of these characteristics varies depending on the situa- 
tion and the kind of decision you are trying to make. The value of information 
is directly linked to how it helps people achieve their organizations’ goals. 

High quality can provide five benefits: improve decision making, increase 
customer satisfaction, increase sales, improve innovation, raise productivity, 
and ensure compliance. 

An entity is a generalized class of objects (such as a person, place, or thing) 
for which data is collected, stored, and maintained. An attribute is a character- 
istic of an entity. Specific values of attributes—called data items—can be found 
in the fields of the record describing an entity. A data key is a field within a 
record that is used to identify the record. A primary key uniquely identifies 
a record, while a secondary key is a field in a record that does not uniquely 
identify the record. 

A database management system consists of a group of programs used to 
access and manage a database as well as provide an interface between the 
database and its users and other application programs. 

Schemas are used to describe the entire database, its record types, and its 
relationships to the DBMS. Schemas are entered into the computer via a data 
definition language, which describes the data and relationships in a specific 
database. Another tool used in database management is the data dictionary, 
which contains detailed descriptions of all data in the database. 

A DBMS provides six basic functions: offering user views, creating and mod- 
ifying the database, storing and retrieving data, manipulating data and generat- 
ing reports, enabling security management, and providing backup and recovery 
capabilities. After a DBMS has been installed, the database can be accessed, 
modified, and queried via a data manipulation language. 

A type of specialized data manipulation language is the query language, the 
most common being Structured Query Language (SQL). SQL is used in several 
popular database packages today and can be installed in PCs and mainframes. 

Data cleansing is the process of detecting and then correcting or deleting 
incomplete, incorrect, inaccurate, or irrelevant records that reside in the data- 
base. The goal of data cleansing is to improve the quality of the data used in 
decision making. 

When building a database, an organization must consider content, access, 
logical structure, physical organization, archiving, and security of the database. 

Enterprise data modelling involves analyzing the data and information 
needs of an entire organization and provides a roadmap for building database 
and information systems by creating a single definition and format for data 
that can ensure compatibility and the ability to exchange and integrate data 
among systems. 
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Entity-relationship (ER) diagrams can be used to show the relationships 
among entities in the organization. 

The relational database model places data in two-dimensional tables. Tables 
can be linked by common data elements, which are used to access data when 
the database is queried. Each row in a relational database table represents a 
record, and each column represents an attribute (or field). The allowable values 
for each attribute are called the attribute’s domain. 

Database normalization is the process of organizing data in a relational 
database to eliminate data redundancy and ensure that data dependencies 
make sense. If done properly, data normalization will ensure that the database 
takes up minimal data storage and provides improved performance. 

A relational database has six fundamental characteristics: 1) Data is orga- 
nized into collections of two-dimensional tables called relations; 2) each row 
in the table represents an entity and each column represents an attribute of 
that entity; 3) each row in a table is uniquely identified by a primary key; 
4) the type of data a table column can contain can be specified as an integer 
number, decimal number, date, text, etc.; 5) the data in a table column can be 
constrained to be of a certain type (integer, decimal number, data, character, 
etc.), a certain length, or to have a value between two limits; 6) primary and 
foreign keys enable relationships between the tables to be defined; and 7) user 
queries are used to perform operations on the database like adding, changing, 
or deleting data and selecting, projecting, and joining existing data in existing 
tables. 

SQL is a special-purpose programming language for accessing and manip- 
ulating data stored in a relational database. 

SQL databases conform to ACID properties of atomicity, consistency, iso- 
lation, and durability. These properties guarantee database transactions are 
processed reliably and ensure the integrity of the data in the database. 

Selecting a DBMS begins by analyzing the information needs of the organi- 
zation. Important characteristics of databases include the size of the database, 
the number of concurrent users, the performance of the database, the ability 
of the DBMS to be integrated with other systems, the features of the DBMS, 
the vendor considerations, and the cost of the database management system. 

In database as a service (DaaS) arrangement, the database is stored on a 
service provider’s servers and accessed by the subscriber over a network, typ- 
ically the Internet. One advantage of Daas is that it eliminates the installation, 
maintenance, and monitoring of in-house databases thus reducing hardware, 
software, and staffing related costs. A second advantage is that the service pro- 
viders can allocate more or less database storage processing capacity based on 
an individual customer’s changing needs. 


Principle: 


A strong data management program is needed to ensure high-quality data. 

Data management is an integrated set of 10 functions that define the pro- 
cesses by which data is obtained, certified fit for use, stored, secured, and 
processed in such a way as to ensure that the accessibility, reliability, and 
timeliness of the data meet the needs of the data users within an organization. 

Data governance is the core component of data management; it defines 
the roles, responsibilities, and processes for ensuring that data can be trusted 
and used by the entire organization with people identified and in place who 
are responsible for fixing and preventing issues with data. 

The need for data management is driven by three factors: 1) the need to 
meet external regulations designed to manage risk associated with the misstate- 
ment of financial data, 2) the need to avoid the accidental release of sensitive 
data, and 3) the need to ensure that key business decisions are made using 
high-quality data. 
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A database administrator (DBA) plans, designs, creates, operates, secures, 
monitors, and maintains databases. A data steward is typically a non-IS 
employee who takes responsibility for the management of critical data entities 
or attributes. 

Four key responsibilities of the data governance include: 1) develop a 
policy that specifies who is accountable for various portions or aspects of the 
data; 2) define processes for how the data is to be stored, archived, backed 
up, and protected from cyberattacks, inadvertent destruction or disclosure, or 
theft; 3) develop standards and procedures that define who is authorized to 
update, access, and use the data; and 4) put in place a set of controls and audit 
procedures to ensure ongoing compliance. 

Data lifecycle management is a policy-driven approach to managing the 
flow of an enterprise’s data, from its initial acquisition or creation and storage 
to the time it becomes outdated and is deleted. 


ACID properties database management system (DBMS) 
attribute domain 

concurrency control enterprise data model 

data entity 

data cleansing entity-relationship (ER) diagram 
data definition language (DDL) file 

data dictionary foreign key 

data governance information 

data item joining 

data lifecycle management (DLM) knowledge 

data management primary key 

data manipulation language (DML) projecting 

data normalization record 

data steward relational database model 
database schema 

database administrator (DBA) selecting 

database approach to data management SQL 


Database-as-a-Service (DaaS) 


Self-Assessment Test 


A well-designed and well-managed database is an 3. A collection of attributes about a specific entity 
extremely valuable tool in supporting decision isa 
making. a. record 
1. A collection of raw facts is called b. database 
c. domain 
a. attribute d. file 
b. information 4. A(n) is a person, place, or 
c. data thing (object) for which data is collected, 
d. knowledge stored, and maintained. 
2. An organization may require high-quality data to 5. A is a collection of similar 
entities while a(n) is a charac- 


avoid fines and penalties for non-conformance to ea : 
regulatory requirements. True or False? teristic of an entity. 
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a. domain and record c. eliminate data redundancies and ensure data 
b. database and key dependencies make sense 
c. record and foreign key d. delete old, obsolete data from the database 
d. file and attribute 13% properties of SQL databases 
6. Which of the following is not a function of the help ensure the integrity of data in the database. 
database management system ? 14. Which of the following is not an advantage asso- 
a. database data normalization and data ciated with database-as-a-service (DaaS)? 
cleansing a. It eliminates the installation, maintenance, 
b. database backup and monitoring of in-house databases. 
c. database recovery b. It reduces hardware, software, and staffing 
d. database security related costs. 
7. A database and a database management system c. The service provider can allocate more or less 
are the same thing. True or False? database storage capacity based on an indi- 
8. A collection of instructions and commands to vidual customer’s changing needs. 
define and describe data and relationship in a d. The customer has complete responsibility 
specific database is a for database security access and database 
a. database schema backup. 
b. data definition language 15. Data governance is a subset of data manage- 
c. data model ment. True or False? 
d. data manipulation language 16. One of the driving reasons behind the need for 
9. The process of detecting and then correcting data management is to manage risk associated 
or deleting incomplete, incorrect, inaccurate, or with the misstatement of financial data. True or 
irrelevant records that reside in a database is False? 
called 17. The individual who is responsible for plan- 
a. data normalization ning, designing, creating, operating, securing, 
b. data concurrency control monitoring, and maintaining databases is the 
c. data management : 
d. data cleansing 18. Which of the following is not a key responsibil- 
10. In the design of a database, it is not necessary to ity of the data governance team? 
know how long the data must be stored. True or a. develop policy that specifies who is account- 
False? able for various aspects of the data 
11. The use of primary keys and foreign keys make b. decide which database technology should be 
it impossible to define relationships between the used 
data in two tables of a relational database. True c. define processes for how the data is to be 
or False? stored, archived, backed up, and protected 
12. The purpose of data normalization is to from cyberattacks 


a. remove any inaccurate or incomplete data 
from the database 

b. insert newer, more current data into the 
database 


Self-Assessment Test Answers 


d. develop standards and procedures that define 
who is authorized to update, access, and use 
the data 


i, € 10. False 

2. True 11. False 

bh al 127 ec 

4. entity 13. ACID 

Sy Gl 14. d 

G A 15. False 

7. False 16. True 

8. a 17. database administrator 
9. d 18. b 
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Review and Discussion Questions 


1. Explain the difference between data, informa- 
tion, and knowledge. 

2. What are six benefits of using high-quality data? 

3. Define the term database. Define the term data- 
base management system. Identify six functions 


performed by the database management system. 


4. What roles do database schema, data definition 
language, and data manipulation play? 

5. What is the purpose of data cleansing? 

6. You are working with a database administrator 
to design a new customer comments database. 
What seven key questions must be answered to 
perform a good design? 


7. What are the six fundamental characteristics of a 


relational database model? 

8. Why might an organization wish to go through 
the process of database normalization for key 
operational databases? 


g 


10. 


11. 


12. 


13. 


14. 


What are the benefits associated with enforce- 
ment of the ACID properties of SQL databases? 
State two reasons why an organization may wish 
to implement Database-as-a-Service. Can you 
identify any potential issues with this approach? 
In your own words, describe the difference 
between data management and data governance. 
What three factors are driving the need for data 
management? 

How would you define the role of the database 
administrator? 

Distinguish between the key responsibilities of 
the data governance team and those of the data- 
base administrator. 


Business-Driven Decision-Making Exercises 


1. Ticketmaster is a global ticket retailer selling 
hundreds of millions of tickets to every type of 


show and venue with total revenue exceeding $8 


billion/year. In 2010, it merged with Live Nation 
to become Live Nation Entertainment. Customer 


demand for tickets is very uneven with extremely 


high demand during the first hours of ticket 
availability for a popular event, followed by a 
significant decline in demand. This results in a 
very uneven demand on computing resources 


which is difficult to meet. In addition, any system 


downtime is extremely expensive and can result 


in lost sales approaching $1 million per hour. 617 


What are the pros and cons for Ticketmaster to 
move its database operations to a Database as a 
Service provider? What potential data manage- 
ment issues might arise in this transition? Who 
should be involved in making this decision? 

2. Your organization has a major problem in col- 
lecting on overdue accounts receivable with 


$10 million in outstanding debt. As a result, it 
is considering making a $100,000 investment 
to improve the accuracy of its accounts receiv- 
able data. Based on results of competitors in 
your industry, you can expect to collect about 
30% of the outstanding debt or $3 million by 
accurately identifying contact data for non- 
paying customers. The remaining $7 million 
of outstanding debt would be turned over to a 
collection agency. The expected recovery rate 
is 25%. 

How much of the outstanding debt would be 
recovered through a combination of data quality 
improvement and collection agency efforts? How 
much debt would be recovered if the entire $10 
million in outstanding debt were turned over 
to the collection agency? What is the additional 
net revenue generated from a combination of 
data quality improvement and collection agency 
efforts? 


Teamwork and Collaboration Activities 


1. As a team, interview a group of managers from 
your school, place of work, bank, or another 
organization that the instructor suggests that 
recently implemented a major database. Your 
goal is to understand the process the organi- 
zation went through to develop the database. 
You also want to identify both the IS people 
and non-IS people who were involved and their 
roles. Find out the name of the database and 


the data entities and data attributes contained in 
the database. What database management sys- 
tem did each company select to implement its 
database, and why? Have the managers and their 
staff received training in any query or reporting 
tools? What do they like about their database, 
and what could be improved? Looking back over 
it all with 20-20 hindsight, is there anything they 
would have changed? 
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2. A company that provides a movie-streaming 
subscription service uses a relational database to 
store information on movies to answer customer 
questions. Each entry in the database contains 
the following items: Movie ID (the primary key), 
movie title, year made, movie type, MPAA rat- 
ing, starring actor #1, starring actor #2, starring 
actor #3, and director. Movie types are action, 
comedy, family, drama, horror, science fiction, 
and western. MPAA ratings are G, PG, PG-13, R, 
NC-17, and NR (not rated). Work with your team 
and use a database management system to build 
a data-entry screen to enter this data. Build a 
small database with at least a dozen entries. 
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Now that the database is built, the employees 
of the movie-streaming company have proposed 
several changes that are being considered for 
the database in the previous exercise. From the 
following list, choose two database modifica- 
tions, and then modify the data-entry screen 

to capture and store this new information. The 
proposed changes are as follows: a) add the 
date that the movie was first released to the- 
atre; b) add the executive producer’s name; c) 
add a customer rating of one, two, three, four, 
or five stars, based on the number of rentals; 
and d) add the number of Academy Award 
nominations. 


Career Exercises 


1. Describe the role of a database administrator. 
What skills, training, and experiences are neces- 
sary to fulfill this role? Create a fictitious resume 
that would be sure to get the candidate strong 
consideration for a database administrator posi- 
tion at a large consumer packaged goods man- 
ufacturer such as Procter & Gamble, Unilever, 
Kimberly-Clark, etc. 

2. Dice.com is one of many career Web sites that 
cater to those pursuing technical careers. Go 


to the Web site, enter “database administra- 
tor” in the search box, and read eight of the 
search results. What are some of the com- 
mon requirements among the search results? 
What database products do you see getting 
heavy emphasis in the job listings? With this 
information, how could you best prepare 
yourself for a career as a database administra- 
tor or to work with databases in your line of 
business? 


æ DATA PROTECTION 


Biometric Databases Catch Criminals 

By the year 2021, the European Union will have a database of 
fingerprints, photographs for facial recognition, passport num- 
bers and birth dates of all its 350 million citizens. Data that 
are measurements of a person’s body, such as a photograph of 
their face, are known as biometric data. In the EU, the biomet- 
ric database will be called CIR, for Common Identity Reposi- 
tory. The database will also allow searches of other databases 
to match citizens posing with multiple identities, which will 
aid border control and security agencies. Critics are concerned 
that with so much information in one database, it will be 

a target for security breaches. With many agencies having 
shared access to the biometric database, there could be more 
exposure and risk to cybercrime and no entity, be it private or 
government, is invulnerable to security breaches. 

Although the United States does not have a country- 
wide biometric database such as the EU’s CIR, law enforce- 
ment agencies around the country have access to various 
databases containing biometric data such as photographs. 
Many of these agencies are now using facial recognition 
software to search the database for a specific criminal. 

This searching is controversial because the US lacks most 
laws governing the use of searching databases for a facial 
match. For example, in the states of Maryland and Indi- 
ana, the police are allowed to search a database of driver’s 
license photos to recognize a potential criminal, whereas 


in Oregon, only the database of mug shots is allowably 
searchable. Legally, driver’s licenses photographs are not 
considered public record, which presents a dilemma to law 
enforcement. 

In the spring of 2019, San Francisco banned the use of 
facial recognition by police and city agencies. Lawyers are 
beginning to weigh into the discussion. At the Georgetown 
Law Center of Privacy and Technology, a spokesperson, 

Ms. Garvie said “There is a fundamental absence of trans- 
parency around when and how police use face recognition 
technology. The risks of misidentification are substantial.” 
(Bosman & Kovaleski, 2019) US citizens and lawyers are not 
the only groups to be concerned about the government’s 
use of biometric databases. In 2019, the House of Represen- 
tatives’ House Oversight Committee has support from bipar- 
tisan groups to control the use of biometrics in government 
agencies. 

Although the US might not have a domestic biometric 
database for law enforcement, other agencies are currently 
searching biometric databases to catch criminals. The US 
Department of Homeland Security has created a large bio- 
metric database called HART, short for Homeland Advanced 
Technical System. The biometrics in this database include 
facial photos, fingerprints, irises and other distinguishing 
features like tattoos. In addition, HART can share data from 
other agencies such as the FBI and the State Department. 
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The HART database is stored on Amazon’s Web Ser- 
vices, AWS. Amazon serves the government’s data storage 
needs through GovCloud. Other government agencies use 
GovCloud such as NASA, the CIA, and the Defense Depart- 
ment. GovCloud complies with all government regulation 
requirements and also commercial security and privacy 
standards. The physical databases are stored in different 
zones in the United States to ensure continuous data avail- 
ability and low latency. (Latency is the time it takes for data 
to travel from the data center to the user.) Each site has its 
own power supply including air-conditioning in a secured 
setting. Multiple copies of data are stored (redundancy). 

“The use of technology and data is becoming increas- 
ingly important to law enforcement,” said Major Mike White, 
Assistant Chief of Staff with the Indiana State Police Depart- 
ment. “With advancements, come the need for secure con- 
nectivity and storage without draining the budget. Storage 
for databases, reports, and video are part of today’s chal- 
lenges for law enforcement technology managers. AWS is 
quickly becoming a go-to solution for technology needs that 
won't break the bank.”(Business Wire, 2018) 


Critical Thinking Questions 


1. Distinguish between the terms data management and 
data governance. How are biometric databases being 
managed and how are they being governed? What are 
the concerns in each segment? 

2. Describe the ethical dilemma of using facial recogni- 
tion by law enforcement agencies. If in the classroom, 
hold a debate of the pros and cons. 


3. Research how criminals are discovered and arrested 
using a biometric database. Find one example and 
report on that. Cite your source. Research the ban on 
use of biometric databases in San Francisco in 2019, 
to include in your report. 


Sources: “Half of American adults are in a little regulated police 
face recognition database” 10/20/2016 Homeland Security News 
Wire. Accessed 6/22/2019 http:/jvww.homelandsecuritynewswire. 
com/dr20161020-half-of-american-adults-are-in-a-little-regulated- 
police-face-recognition-database, Mari, Angelica. “European Union 
to create central biometrics database” Computer Weekly. Com. 
4/25/2019. Accessed 6/22/2019 at https:/Avww.computerweekly.com/ 
news/252462245/European-Union-to-create-central-biometrics-da- 
tabase, Woollacott, Emma. “Security experts weigh in on EU biomet- 
rics database plan” The Daily Swig. 4/30/2019. Accessed 6/22/2019 
at bitps://portswigger.net/daily-swig/security-experts-weigh-in-on- 
eu-biometrics-database-plan; Bosman, Julie, & Kovaleski, Serge F. 
“Facial Recognition: Dawn of Dystopia, or Just the New Fingerprint?”, 
New York Times, 5/18/2019, accessed 6/22/2019 at hitps:/Avww. 
nytimes.com/2019/05/18/us/facial-recognition-police.html, Corri- 
gan, Jack. “DHS to Move Biometric Data on Hundreds of Millions of 
People to Amazon Cloud” Nextgov 6/19/2019. Accessed 6/22/2019 
at https.//www.nextgov.com/it-modernization/2019/06/dhs-move-bio- 
metric-data-hundreds-millions-people-amazon-cloud/15 783 7/, 
Dunn, John E. “US Government’s biometric database worries pri- 
vacy advocates” Naked Security 6/11/2018. accessed 6/22/2019 

at hbttps.//nakedsecurity.sophos.com/2018/06/1 1/us-govern- 
ments-biometric-database-worries-privacy-advocates/, “Ama- 

zon Web Services Launches Second GovCloud Region in the 

United States” Business Wire 11/12/ 2018. Accessed 6/22/2019 at 
https://www.businesswire.com/news/bome/20181112005823/en/ 
Amazon-Web-Services-Launches-GovCloud-Region-United 


Sources for opening vignette: “The 100,000 Genomes 
Project,” Genomics England, bitps:/Avww.genomicsengland. 
co.uk/about-genomics-england/the-100000-genomes-project, 
accessed February 10, 2019; “As the NHS Celebrates 70 
Years Genomics England Sequences Its 70,000th Genome,” 
Genomics England, https:,/jvww.genomicsengland.co.uk/ 
as-the-nhs-celebrates-70-years-genomics-england-sequences- 
its-70000th-genome/, July 4, 2018; “NHS Digital Data Release 
Register,” National Health Organization, https://theysoldit- 
anyway.com/organisations/genomics_england/, accessed 
May 29, 2019; “A New Milestone in British Genomics,” 
Front Line Genomics, hitp;/Avww,frontlinegenomics.com/ 
news/10364/new-milestone-british-genomics/, March 7, 2017; 
“Data types and storage in the 100,000 Genomes Project,” 
Genomics England, https:;/jvww.genomicsengland.co.uk/ 
understanding-genomics/data/data-types-and-storage/, 
accessed May 29, 2019; “Genomics England Uses MongoDB 
to Power the Data Science Behind the 100,000 Genomes 
Project,” MongoDB, hittps,/Ajvwww.mongodb.com/press/ 
genomics-england-uses-mongodb-to-power-the-data-science- 
behind-the-100000-genomes-project, accessed February 10, 
2019; “Reference Genome: Defining Human Difference,” 
Genomics Education Programme NHS England, January 

20, 2017; bttps:/Avww.genomicseducation.hee.nhs.uk/news/ 
item/328-reference-genome-defining-human-difference. 


1. “Starbucks Reports Record Q3 Fiscal 2018 Revenues 
and EPS,” https://s22.q4cdn.com/869488222/files/ 
doc_news/Starbucks-Q3-FY18-Earnings-Release.pdf, 
accessed August 28, 2018. 

2. “The State of Data Quality,” An Experian Data Quality 
White Paper, bitps:/jvww.experian.com/assets/ 
decision-analytics/white-papers/the%20state%200f%20 
data%20quality.pdf, accessed October 15, 2018. 

3. “Poor-Quality Data Imposes Costs and Risks on 
Businesses, Says New Forbes Insights Report,” 

Forbes, May 31, 2017, bttps:/Avww,forbes.com/sites/ 
Sorbespr/201 7/05/3 1/poor-quality-data-imposes- 
costs-and-risks-on-businesses-says-new-forbes-insights- 
report/#6 79 7e8d3452b. 

4. “Offshore Leaks Database,” International Consortium of 
Investigative Journalists, bttps://offshoreleaks.icij.org/ 
pages/about, accessed February 8, 2018. 

5. “National Integrated Ballistic Database Network,” 
Bureau of Alcohol, Tobacco, Firearms, and Explosives, 
https://www.atf_gou/firearms/national-integrated- 
ballistic-information-network-nibin, accessed 
February 8, 2018. 

6. “Overview of the GTD,” Global Terrorism Database, 
wuww.start.umd.edu/gtd/about, accessed February 8, 
2018. 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


10. 


11. 


12. 


. “About LeadsOnline,” LeadsOnline, https;//www.leadson- 


line.com/main/about-leadsonline.php, accessed August 
30, 2018. 


. “The National Syndromic Surveillance Program (NSSP),” 


Centers for Disease Control and Prevention, https://www 
.cdc.gou/nssp/overview.html, accessed August 30, 2018. 


. “Healthcare Provider Data Model and Analytics Solution 


Healthcare Datamodel,” IBM Global Solutions Directory, 
http://www-304.ibm.com/partnerworld/gsd/solutionde- 
tails.do?solution=4458 7Gexpand=trueG&lc=en, accessed 
March 7, 2018. 

“IBM Health Analytics Solution,” bitp:/Avww-03.ibm. 
com/industries/ca/en/healthcare/documents/IBM_ 
Health_Analytics_Solutions.pdf, accessed March 8, 2018. 
Proffitt, Brian, “FoundationDB’s NoSQL Breakthrough 
Challenges Relational Database Dominance,” Read Write, 
March 8, 2013, hitp:/readwrite.com/2013/03/08/ 
Soundationdbs-nosql-breakthrough-challenges- 
relational-database-dominance#awesm=~ 
oncflkqw3jiMOJ. 

“Zillow.com Deploys MySQL Cluster for High Growth 
with High Availability,” bitps:/Avww.mysql.com/why- 
mysql/case-studies/mysql-cs-zillow.html, accessed March 
6, 2017. 


13. 


14. 


T5. 


16. 


I7 


CHAPTER 5 @ Database Systems and Data Management 205 


“About Us,” bitps:/Avww.airbnb.com/about/about-us, 
accessed November 23, 2017. 

“Airbnb Case Study,” hitps,//aws.amazon.com/solutions/ 
case-studies/airbnb/, accessed November 23, 2017. 
Allen St. John, “Equifax Data Breach: What Consumers 
Need to Know,” Consumer Reports, September 21, 2017, 
https:/Avww.consumerreports.org/privacy/what-consumers- 
need-to-know-about-the-equifax-data-breach. 

Daniel D. Gutierrez, “Inside Big Data: Ticketmaster: 
Using the Cloud Capitalizing on Performance, Analytics, 
and Data to Deliver Insights,” © 2018 inside BigData 
LLC, bitp://assets.teradata.com/resourceCenter/down- 
loads/CaseStudies/EB2694_InsideBigData_Ticketmaster. 
pdf. 

Peter Cohen, “Amazon Seeks To Snag $5 Billion Mar- 
ket From Ticketmaster,” Forbes, August 11, 2017, 
https://www ,forbes.com/sites/petercohan/201 7/08/11/ 
amazon-seeks-to-snag-5-billion-market-from- 
ticketmaster/2/#42d8e6a9f9ae. 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


ġa Business Intelligence: Big Data 
and Analytics 


JANUA m M 
FEBRUARY 
MARCH K ee 

E B 
APRIL 

Gi 
MAY Ea * 


a See 


©O6¢] 


Principles 


We have entered an era 
where organizations are 
grappling with a tremendous 
growth in the amount of data 
available and struggling to 
understand how to manage 
and make effective use of it. 


+ 


A number of available tools 
and technologies allow orga- 
nizations to take advantage 
of the opportunities offered 
by big data. 


There are many business 
intelligence (BI) and analytics 
techniques that can be used 
to support improved decision 
making. 


Learning Objectives 


e Identify five key characteristics associated with big data. 


e Identify five key challenges associated with big data. 


e Distinguish between the terms data warehouse, data mart, and data lake. 


e Explai 


n the purpose of each step in the extract, transform, and load process. 


e State four ways a NoSQL database differs from an SQL database. 


e Identify the two primary components of the Hadoop computing environment. 


e Identify the primary advantage of in-memory database in processing big data. 


e State the primary difference between business intelligence and analytics. 


e Define the role of a data scientist. 


e Identify three key organizational components that must be in place for an 


organ 


ization to get real value from its Bl/analytics efforts. 


e Identify five broad categories of business intelligence/analytics techniques 
including the specific techniques used in each. 


e Identify four potential issues that arise with the use of self-service analytics. 
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IS in Action 


Fuels Rapid Growth with Data Science 


INFORMATION TECHNOLOGY 


A leader in the sharing economy, Airbnb grew from a small business operating out of a 
San Francisco loft to a high-profile company estimated in early 2019 to be worth at least 
$38 billion. Originally called Airbed & Breakfast, the business was conceived by founders 
Brian Chesky and Joe Gebbia as a way to pay their own rent by offering temporary lodg- 
ing for paying guests. They expanded their business by developing a website where other 
hosts could showcase their living spaces and visitors could reserve and pay for them. The 
site and the service have proven more popular than Chesky and Gebbia ever imagined, 
leading to rapid growth and enviable brand recognition. 

As of spring 2019, Airbnb had more than 6 million properties --ranging from shared 
rooms to entire homes --listed in more than 80,000 cities worldwide. (That’s more listings 
than the top five hotel brands combined.) According to the company, more than 2 million 
people stay in an Airbnb property each night. The company has disrupted the hospitality 
industry by offering an alternative to traditional lodging, especially in popular travel spots 
during peak periods when hotels often sell out and charge top rates for rooms. 

Airbnb credits much of its astonishing growth to data science, the practice of gath- 
ering insights and useful information from digital data. A data scientist is an individual 
who combines strong business acumen, a deep understanding of analytics, and a healthy 
appreciation of the limitations of data, tools, and techniques to deliver real improvements 
in decision making. Data scientists examine a business problem from many points of view, 
determine what kinds of data could help solve the problem, and then select the right tools 
to extract the data and uncover insights for making organizational decisions. 

One of the first seven people hired at Airbnb was Riley Newman, a data scientist. “In 
the past,” Newman says, “data was often referenced in cold, numeric terms...how many 
listings do we have in Paris? What are the top 10 destinations in Italy?” Now, Newman 
continues, “We use statistics to understand individual experiences and aggregate those 
experiences to identify trends across the community; those trends inform decisions about 
where to drive the business.” 

At the heart of the Airbnb experience is the search system, which combines dozens of 
pieces of data to help guests find listings that meet their requirements. At first, Airbnb’s 
search tool returned listings based mainly on location because the company assumed 
people would want to stay in accommodations near the center of a city. One problem with 
that approach was that the radius of desirable locations varies widely around the world. 
Another was that people often wanted to stay in other neighborhoods, such as Brooklyn 
rather than midtown Manhattan in New York. 

“We decided to let our community solve the problem for us,” says Newman. After 
building a robust data set of guest and host interactions, Airbnb was able to provide 
search results based in part on where people searching for a particular location ended up 
booking a room. The company continues to refine the search system to help users find 
unique experiences around the world. 

Airbnb uses data science not only to improve its search tool but also to streamline 
the conversion process: searching for accommodations, contacting a host, and making a 
reservation. The company also relies on data science to measure and evaluate the Airbnb 
experience, since that determines whether guests will use Airbnb again and recommend 
the service to someone else. Additionally, by gathering and arranging data, asking ques- 
tions, performing “what-if” and statistical analyses, and challenging conventional wisdom, 
data scientists at Airbnb help people across the company make decisions involving diver- 
sity in hiring practices, product offerings, site design, and customer experience. 

Airbnb also turned to data scientists to solve an internal company problem regarding 
data management. As the company continued to grow, the number of tools used to make 
decisions based on data --especially data from users --also increased. These resources 
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included data tables, dashboards, and reports. However, employees often did not know 
which resource to use to find the data they needed. And if they thought a resource was 
outdated or inaccurate, they sometimes created a new resource, which complicated the 
problem. 

To provide a solution, a group of Airbnb data scientists developed the Dataportal, a 
system that integrates the company’s data resources, making it easy for Airbnb employees 
to identify and analyze data to inform decision-making. All data flowing into Airbnb from 
users and employees is now directed to the Dataportal. Searching the Dataportal returns 
information, often in graphical form, along with background details that provide context 
for the data and show how it is connected to other data, often leading to new insights 
and saving search time. 

In this way, Airbnb has assembled the three key components it needs to derive 
real value from its business intelligence and analytics efforts: a solid data management 
program, creative data scientists, and a strong commitment to data-driven decision 
making. 


As you read this chapter, consider the following: 


* How does a data scientist approach data? What role does the data scientist play in 
supporting organizational decisions? 

e What characteristics make for a successful data scientist? What tools and knowledge 
does a data scientist need to deliver improvements to an organization? 


Why Learn about Big Data and Analytics? 


We are living in the age of big data, with new data flooding us from all directions at the incompre- 
hensible speed of nearly a zettabyte (1 trillion gigabytes or a 1 followed by 21 zeros) per year. What 
is most exciting about this data is not its amount, but rather the fact that we are gaining the tools 
and understanding to do something truly meaningful with it. Organizations are learning to analyze 
large amounts of data not only to measure past and current performance but also to make predic- 
tions about the future. These forecasts will drive anticipatory actions to improve business strategies, 
strengthen business operations, and enrich decision making—enabling the organization to become 
more competitive. 

A wide range of business users can derive benefits from access to data, but most of them lack 
deep information systems or data science skills. Business users need easier and faster ways to dis- 
cover relevant patterns and insights into data to better support their decision making and to make 
their companies more agile. Companies that have access to the same kind of data as their compet- 
itors but can analyze it sooner to act faster, can outpace their peers. Providing BI tools and making 
business analytics more understandable and accessible to these users should be a key strategy of 
organizations. 

Bristol-Myers Squibb and many other pharmaceutical companies are using big data and analytics 
to move from developing mass therapies for the average person on the street to personalized ther- 
apies. This approach to disease treatment and prevention takes into account individual variability in 
genes, environment, and lifestyle to tailor a solution for a specific individual. United Parcel Service, the 
package delivery giant, is using big data and analytics to cut costs while dealing with an increase in 
e-commerce packages. It gathers and analyzes over 1 billion data points each day including data about 
package weight, origin/destination, shape, and size to optimize the flow of packages across its entire 
network. Home Depot employs big data and analytics to comb through social media data particularly 
Pinterest’s “Shop the Look” pins. The data enables the firm to target potential shoppers just starting 
their home improvement journey, picking up key signals they’re giving off, like style cues, product 
tastes, or project interests. 

Regardless of your field of study in school and your future career, using big data and analytics will 
likely be a significant component of your job. As you read this chapter, pay attention to how different 
organizations use business analytics. This chapter starts by introducing basic concepts related to BI and 
analytics. Later in the chapter, several BI and analytics tools and strategies are discussed. 
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Big Data 


big data: The term used to describe 
data collections that are so enormous 
(terabytes or more) and complex (from 
sensor data to social media data) that 
traditional data management software, 
hardware, and analysis processes are 
incapable of dealing with them. 
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Big data is the term used to describe data collections that are so enormous 
(terabytes or more) and complex (from sensor data to social media data) that 
traditional data management software, hardware, and analysis processes are 
incapable of dealing with them. There are five key characteristics associated 
with big data: volume, velocity, value, variety, and veracity. 


Volume. In 2017, it was estimated that the volume of data that exists in 
the digital universe was 16.1 zettabytes (one zettabyte equals one trillion 
gigabytes). The digital universe is expected to grow tenfold to an amaz- 
ing 163 zettabytes by 2025 as shown in Figure 6.1. Most of this new data 
is expected to come from data gathered by embedded systems in such 
devices as smart meters, security cameras, RFID chips, autonomous auto- 
mobiles, aircraft engines, medical devices, and home appliances.' 
Velocity. Velocity refers to the rate at which new data is being generated— 
now estimated to be on the order of 2.5 quintillion bytes each day 

(that’s 2,500 followed by 15 zeros). This rate is accelerating rapidly, with 
90 percent of the data in the world generated in just the past two years!” 
Value. Value in this context refers to the worth of the data in decision mak- 
ing. The acceleration in the volume of data makes it imperative to quickly 
“separate the wheat from the chaff” and identify the data truly needed for a 
particular decision-making scenario, process that data, and take action. 
Variety. Data today comes in a variety of formats. Some of the data is 
what computer scientists call structured data—its format is known in 
advance, and it fits nicely into traditional databases. For example, the 
data generated by the well-defined business transactions that are used to 
update many corporate databases containing customer, product, inven- 
tory, financial, and employee data is generally structured data. However, 
most of the data that an organization must deal with is unstructured 


Data created 


2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 


Year 


Increase in size of the global datasphere 
Source: “Total WW Data to Reach 163ZB by 2025,” Storage Newsletter, April 5, 2017, httos:/Avww.storagenewsletter 
.com/2017/04/05/total-ww-data-to-reach- 163-zettabytes-by-2025-idc. 
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data, meaning that it is not organized in any predefined manner. Unstruc- 
tured data comes from sources such as word-processing documents, 
social media, email, photos, surveillance video, and phone messages. 

e Veracity. Veracity is a measure of the quality of the data. Is the data 
sufficiently accurate, complete, and current that it can be relied on and 
trusted to form the basis of good decision making? 


Sources of Big Data 


Organizations collect and use data from a variety of sources, including business 
applications, social media, sensors and controllers that are part of the manufactur- 
ing process, systems that manage the physical environment in factories and offices, 
media sources (including audio and video broadcasts), machine logs that record 
events and customer call data, public sources (such as government Web sites), and 
archives of historical records of transactions and communications (see Figure 6.2). 
Much of this collected data is unstructured and does not fit neatly into traditional 
relational database management systems. Table 6.1 provides a starter list of some 
of the many Web portals that provide access to free sources of useful big data sets. 


FIGURE 6.2 Documents 
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Twitter, Facebook, 
LinkedIn, Pinterest 


N 


Machine log data Sensor data 
Call detail data event logs, Process control devices, 
business process logs, smart electric meters, 


application logs packing line counters 


Media 
Images, audio, video, 
live data feeds, podcasts 


TABLE 6.1 Portals that provide access to free sources of useful big data 


Data Source Description URL 


Amazon Web Services Portal to a huge repository of public data, including http://aws.amazon.com/datasets 
(AWS) public data sets climate data, the million song data set, and data from 
the 1000 Genomes project. 


Bureau of Labor Provides access to data on inflation and prices, wages www.bls.gov 

Statistics (BLS) and benefits, employment, spending and time use, 
productivity, and workplace injuries 

CIA World Factbook Portal to information on the economy, government, https://cia.gov/library/publications 
history, infrastructure, military, and population of 267 /the-world-factbook 
countries 
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Data.gov 


Facebook Graph 


FBI Uniform Crime 
Reports 


Justia Federal District 
Court Opinions and 
Orders database 


Gapminder 


Google Finance 


Healthdata.gov 


National Centers 
for Environmental 
Information 


New York Times 


Pew Research Center 
Internet & Technology 


U.S. Census Bureau 
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Portal providing access to over 186,000 government 
data sets, related to topics such as agriculture, 
education, health, and public safety 


Provides a means to query Facebook profile data not 
classified as private 


Portal to data on Crime in the United States, Law 
Enforcement Officers Killed and Assaulted, and Hate 
Crime Statistics 


A free searchable database of full-text opinions and 
orders from civil cases heard in U.S. Federal District 
Courts 


Portal to data from the World Health Organization and 
World Bank on economic, medical, and social issues 


Portal to 40 years of stock market data 


Portal to 125 years of U.S. health care data, including 
national health care expenditures, claim-level 
Medicare data, and data related to health care quality, 
epidemiology, and population, among many other topics 


Portal for accessing a variety of climate and weather 
data sets 


Portal that provides developers access to NYT articles, 
book and movie reviews, data on political campaign 
contributions, and other material 


Portal to research on U.S. politics, media and news, 
social trends, religion, Internet and technology, 
science, Hispanic, and global topics 


Portal to a huge variety of government statistics and 
data relating to the U.S. economy and its population 


Big Data Uses 


Here are just a few examples of how organizations are employing big data to 


http://data.gov 


https://developers facebook.com 
/docs/graph-api 
https://www,fbi.gov/about-us/cfis 
Jucr/ucr/ 


http:/law.justia.com/cases/federal 
/district-courts 


www.gapminder.org/data 


http://google.com/finance 


www.healthdata.gov 


www.ncdc.noad.gov 
/data-access/quick-links#loc-clim 
http://developer.nytimes.com/docs 


http://www.pewinternet.org/datasets 


www.census.gov/data.himl 


improve their day-to-day operations, planning, and decision making: 


e Retail organizations monitor social networks such as Facebook, Google, 
LinkedIn, Twitter, and Yahoo to engage brand advocates, identify brand 
adversaries (and attempt to reverse their negative opinions), and even 
enable passionate customers to sell their products. 

e Advertising and marketing agencies track comments on social media to 
understand consumers’ responsiveness to ads, campaigns, and promotions. 

e Hospitals analyze medical data and patient records to try to identify 
patients likely to need readmission within a few months of discharge, 
with the goal of engaging with those patients to prevent another expen- 


sive hospital stay. 


e Consumer product companies monitor social networks to gain insight 
into customer behavior, likes and dislikes, and product perception to 
identify necessary changes to their products, services, and advertising. 

e Financial services organizations use data from customer interactions to 
identify customers who are likely to be attracted to increasingly targeted 


and sophisticated offers. 


e Manufacturers analyze minute vibration data from their equipment, 
which changes slightly as it wears down, to predict the optimal time 
to perform maintenance or replace the equipment to avoid expensive 
repairs or potentially catastrophic failure. 
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Challenges of Big Data 


Individuals, organizations, and society in general must find a way to deal with 
this ever-growing data tsunami to escape the risks of information overload. The 
challenge is manifold, with a variety of questions that must be answered, includ- 
ing how to choose what subset of data to store, where and how to store the 
data, how to find those nuggets of data that are relevant to the decision making 
at hand, how to derive value from the relevant data, and how to identify which 
data needs to be protected from unauthorized access. With so much data avail- 
able, business users can have a hard time finding the information they need to 
make decisions, and they may not trust the validity of the data they can access. 

Trying to deal with all this data from so many different sources, much of it 
from outside the organization, can also increase the risk that the organization 
fails to comply with government regulations or internal controls (see Table 6.2). 
The Security and Exchange Commission’s efforts to aggressively monitor financial 


TABLE 6.2 Partial list of rules, regulations, and standards with which U.S. information system 


organizations must comply 


Rule, Regulation, or 


Standard 


Intent 


Bank Secrecy Act 


Basel II Accord 


California Senate 
Bill 1386 


Global Data Protection 
Regulation 


Foreign Account Tax 
Compliance Act 


Foreign Corrupt 
Practices Act 


Gramm-Leach-Bliley Act 


Health Insurance 
Portability and 
Accountability Act (HIPAA) 


Payment Card Industry 
(PCI) Data Security 
Standard 


Personal Information 
Protection and Electronic 
Documents Act (Canada) 


Sarbanes-Oxley Act 


USA PATRIOT Act 


Detects and prevents money laundering by requiring financial institutions to report 
certain transactions to government agencies and to withhold from clients that such 
reports were filed about them 


Creates international standards that strengthen global capital and liquidity rules, with the 
goal of promoting a more resilient banking sector worldwide 


Protects against identity theft by imposing disclosure requirements for businesses and 
government agencies that experience security breaches that might put the personal 
information of California residents at risk; the first of many state laws aimed at protecting 
consumers from identity theft 


A set of data privacy requirements that apply across the European Union including 
non-EU organizations that market to or process information of individuals in the EU. 
In general, it increases the rights of individuals and gives them more control over their 
information. It also places obligations on organizations to obtain the consent of people 
they collect information about and to better manage this data. 


Identifies U.S. taxpayers who hold financial assets in non-U.S. financial institutions and 
offshore accounts, to ensure that they do not avoid their U.S. tax obligations 


Prevents certain classes of persons and entities from making payments to foreign 
government officials in an attempt to obtain or retain business 


Protects the privacy and security of individually identifiable financial information 
collected and processed by financial institutions 


Safeguards protect health information (PHD and electronic PHI (ePHI) data gathered in 
the health care process and standardizes certain electronic transactions within the health 
care industry 


Protects cardholder data and ensures that merchants and service providers maintain strict 
information security standards 


Governs the collection, use, and disclosure of personally identifiable information in the 
course of commercial transactions; created in response to European Union data protection 
directives 


Protects the interests of investors and consumers by requiring that the annual reports of 
public companies include an evaluation of the effectiveness of internal control over financial 
reporting; requires that the company’s CEO and CFO attest to and report on this assessment 


This wide-ranging act has many facets; one portion of the Act relating to information 
system compliance is called the Financial Anti-Terrorism Act and is designed to combat 
the financing of terrorism through money laundering and other financial crimes 
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statements and ensure compliance to all accounting standards stems from a long 
history of companies like Waste Management (1998), Enron (2001), WorldCom 
(2002), Freddie Mac (2003), American Insurance (2005), Lehman Brothers (2008), 
Satyam Computer Services (2009), MF Global Holdings (2011), and Tesco (2014) 
where accounting fraud led to tens of thousands of employees losing their jobs and. 
shareholders losing billions of dollars. A few of the companies had to declare bank- 
ruptcy and officers from several of these companies were sentenced to jail terms. 

Optimists believe that we can conquer these challenges and that more data 
will lead to more accurate analyses and better decision making, which in turn 
will result in deliberate actions that improve matters. 

Not everyone, however, is happy with big data applications. Some people 
have privacy concerns about the fact that corporations are harvesting huge 
amounts of personal data that can be shared with other organizations. With all 
this data, organizations can develop extensive profiles of people without their 
knowledge or consent. Big data also introduces security concerns. Are organi- 
zations able to keep big data secure from competitors and malicious hackers? 
Some experts believe companies that collect and store big data could be open 
to liability lawsuits from individuals and organizations. Even with these poten- 
tial disadvantages, many companies are rushing into big data due to the lure 
of a potential treasure trove of information and new applications. 


Critical Music Venue Uses Bl/Analytics to Understand Its Patrons 
Thinking yy APPLICATION 
Exercise 
The Gotham City Music Hall is an independent music venue owned and operated by 
a small group of investors. It has 3,050 seats and serves as the home for the Gotham 
City symphony orchestra and ballet company for some 55 performances each year. 
The dates of these performances are booked at least one year in advance. The investor 
group attempts to fill open dates with performances by an eclectic group of music 
groups from the classical, country, jazz, pop, R&B, and rock genres. Both established 
and new or local groups are recruited to play. The investors make heavy use of data 
from many sources to gain a better understanding of their patrons, especially their 
taste in music. They capture data about the buying habits of the more than 300,000 
patrons who come to the Music Hall each year through ticketing, concessions, and 
retail sales data. This data is used to optimize sales in every business line. The investors 
also gather data about what fans are saying on social media sites. Through surveys and 
other means, investors accumulate data about how often patrons come to the enter- 
tainment district where Music Hall is located and what they experience when they 
come. All this data is being used to identify which genres and which music groups 
would be most appealing to its patrons. Using all this data and analytical techniques, 
the investors are able to forecast future ticket sales for events to an accuracy of plus or 
minus 20 percent. The accuracy of the forecasts provides the investors with an advan- 
tage when negotiating guaranteed minimum revenue with the various music groups. 


Review Questions 


1. The Music Hall investors are gathering lots of data from many different sources. 
What characteristics does this large collection of data have in common with 
other large collections of data? 

2. What challenges do the investors have in dealing with this vast volume of data? 


Critical Thinking Questions 

1. How might it benefit the investors to know how often fans visit the entertain- 
ment district and what they do on those visits? 

2. What additional data might be gathered to further improve the accuracy of 
future ticket sales? How might this data be captured? 
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Technologies Used to Manage and Process Big Data 3 


data warehouse: A large database 
that holds business information from 
many sources in the enterprise, 
covering all aspects of the company’s 
processes, products, and customers. 


By definition, big data is a set of data so enormous and complex that traditional 
data management software, hardware, and analysis processes are incapable 
of dealing with them. As a result, several interesting and powerful technolo- 
gies have emerged to manage and process big data. This section will discuss 
data warehouses, the Extract/Transform/Load process, data marts, data lakes, 
NoSQL databases, Hadoop, and In-Memory databases. 


Data Warehouses, Data Marts, and Data Lakes 


The raw data necessary to make sound business decisions is typically stored 
in a variety of locations and formats. Much of this data is initially captured, 
stored, and managed by transaction-processing systems that are designed to 
support the day-to-day operations of an organization. For decades, organiza- 
tions have collected operational, sales, and financial data with their online 
transaction processing (OLTP) systems. These OLTP systems put data into 
databases very quickly, reliably, and efficiently, but they do not support the 
types of data analysis that today’s businesses and organizations require. With 
data warehouses and data marts, organizations are now able to access the data 
gathered via OLTP systems and other sources and use it more effectively to 
support decision making. Table 6.3 summarizes these primary characteristics 
of a data warehouse. 


TABLE 6.3 Characteristics of a data warehouse 


Characteristic Description 


Large Holds billions of records and petabytes of data 


Multiple sources Data comes from many sources both internal and 
external thus an extract, transform, load process 
is required to ensure quality data 


Historical Typically 5 years of data or more 
Cross organizational access Data accessed, used, and analyzed by users 
and analysis across the organization to support multiple 


business processes and decision making 


Supports various types of Drill down analysis, development of metrics, 
analyses and reporting identification of trends 


Data Warehouses 


A data warehouse is a large database that holds business information from 
many sources in the enterprise, covering all aspects of the company’s processes, 
products, and customers. It is not unusual for a data warehouse to contain data 
from over a dozen source systems—both systems internal to the organization 
and potentially data obtained from sources outside the organization (e.g., data 
aggregators, social media Web sites, government databases, etc.) as shown in 
Figure 6.3. This data is used by people across the organization to support vari- 
ous processes and decision making. The data in a data warehouse is historical 
data often going back 5 years or more. The data can be analyzed in many ways. 
For example, data warehouses allow users to “drill down” to get greater detail 
or “roll up” to generate aggregate or summary reports. The primary purpose 
is to relate information in innovative ways and help managers and executives 
make better decisions. 
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Elements of a data warehouse 
A data warehouse can help 
managers and executives relate 
information in innovative ways to 
make better decisions. 
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Banks, financial institutions, government agencies, manufacturers, and 
large retailers were among the early adopters of data warehouse technology 
in the late 1980s. Wal-Mart, the world’s largest retailer, developed a mastery of 
supply chain management that provided it with a distinct competitive advan- 
tage by the early 1990s. Key to this mastery was its data warehouse that held 
transaction data collected by its point-of-sales systems. This data provided a 
deep understanding of the purchasing habits of over 100 million customers at 
its 6,000 stores sourced by 25,000 suppliers. Wal-Mart’s data warehouse was 
the first commercial data warehouse to reach 1 terabyte of data in 1992. Here 
are some additional examples of companies using data warehouses. 

WHOOP is a wearable device used by professional athletes in Major League 
Baseball, the National Football League, and the National Basketball Association. 
There is increasing demand from nonprofessional athletes such as high school 
and college athletes, cyclists, runners, triathletes, and other fitness enthusiasts. 
Players wear a WHOOP on their wrist, forearm, or bicep that measures heart 
rate, motion, skin conductivity, and ambient temperature. What distinguishes 
WHOOP from other wearables is the massive amount of data it collects and 
transmits to servers for processing and analysis. Its five sensors collect data 
100 times per second. The data is transmitted via Bluetooth to a user’s mobile 
device, and from there to the cloud. WHOOP analytics software converts the 
data into three scores, assessing strain from exercise, recovery, and sleep. The 
results help users avoid overtraining, reduce injury, perform at their best, and 
even enjoy healthier lives after retirement.’ Some 24,000 American Airlines 
flight attendants can use software on their mobile devices to tap into a data 
warehouse of customer information—where and how frequently you fly, if 
they have delayed you, cancelled you, made you change your seat, or spilled 
coffee on you. Now attendants can use this information in making decisions 
to help resolve customer services issues during flight by issuing free frequent 
flyer miles or travel vouchers.‘ 


Relational Data 
databases extraction 
process 
Transform and 
load 
Flat process 
files 


Data 
warehouse 
Spreadsheets = = 


End-user access 


Query and 
analysis tools 
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Extract Transform Load (ETL) 
process: A data handling process 
that takes data from a variety of 
sources, edits and transforms it into 
the format used in the data warehouse, 
and then loads this data into the 
warehouse. 


data mart: A subset of a data 
warehouse that is used by small- 

and medium-sized businesses and 
departments within large companies to 
support decision making. 


data lake: A “store everything” 
approach to big data that saves all the 
data in its raw and unaltered form. 


Because data warehouses are used for decision making, maintaining a 
high quality of data is vital so that organizations avoid wrong conclusions. For 
instance, duplicated or missing information will produce incorrect or mislead- 
ing statistics (“garbage in, garbage out”). Due to the wide range of possible 
data inconsistencies and the sheer data volume, data quality is considered one 
of the biggest issues in data warehousing. 

Data warehouses are continuously refreshed with huge amounts of data 
from a variety of sources so the probability that some of the sources contain 
“dirty data” is high. The Extract Transform Load (ETL) process takes data 
from a variety of sources, edits and transforms it into the format used in the 
data warehouse, and then loads this data into the warehouse, as shown in 
Figure 6.3. This process is essential in ensuring the quality of the data in the 
data warehouse. 


e Extract. Source data for the data warehouse comes from many sources 
and systems. The goal of this process is to extract the source data from 
all the various sources and convert it into a single format suitable for 
processing. During the extract step, data that fails to meet expected pat- 
terns or values may be rejected from further processing (e.g., blank or 
nonnumeric data in net sales field or a product code outside the defined 
range of valid codes). 

e Transform. During this stage of the ETL process, a series of rules or 
algorithms are applied to the extracted data to derive the data that will 
be stored in the data warehouse. A common type of transformation is to 
convert a customer’s street address, city, state, and zip code to an orga- 
nization-assigned sales district or government census tract. Also, data is 
often aggregated to reduce the processing time required to create antic- 
ipated reports. For example, total sales may be accumulated by store or 
sales district. 

e Load. During this stage of the ETL process, the extracted and trans- 
formed data is loaded into the data warehouse. As the data is being 
loaded into the data warehouse, new indices are created and the data is 
checked against the constraints defined in the database schema to ensure 
its quality. As a result, the data load stage for a large data warehouse can 
take days. 


A large number of software tools are available to support these ETL tasks, 
including Ab Initio, IBM InfoSphere Datastage, Oracle Data Integrator, and the 
SAP Data Integrator. Several open-source ETL tools are also available, including 
Apatar, Clover ETL, Pentaho, and Talend. 


Data Marts 


A data mart is a subset of a data warehouse. Data marts bring the data ware- 
house concept—lots of data from many sources—to small- and medium-sized 
businesses and to departments within larger companies. Rather than store all 
enterprise data in one monolithic database, data marts contain a subset of the 
data for a single aspect of a company’s business—for example, finance, inven- 
tory, or personnel. 


Data Lakes 


A traditional data warehouse is created by extracting (and discarding some 
data in the process), transforming (modifying), and loading incoming data for 
predetermined and specific analyses and applications. This process can be 
lengthy and computer intensive, taking days to complete. A data lake takes 
a “store everything” approach to big data, saving all the data in its raw and 
unaltered form. The raw data residing in a data lake is available when users 
decide just how they want to use the data to glean new insights. Only when 
the data is accessed for a specific analysis is it extracted from the data lake, 
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classified, organized, edited, or transformed. Thus, a data lake serves as the 
definitive source of data in its original, unaltered form. Its contents can include 
business transactions, clickstream data, sensor data, server logs, social media, 
videos, and more. 

Bechtel is a global engineering, construction, and project management 
company whose accomplishments include building the Hoover Dam, English 
Channel Tunnel, and other engineering marvels. The company built a 5-petabyte 
data lake of data that consolidates years of data from hundreds of projects 
worldwide that provides insights from past and current projects and enables 
better forecasts of the outcomes of current projects. This analysis provides 
actionable insights that help the company cut costs, increase its competitive- 
ness, and allow it to win more contracts.’ 


NoSQL Databases 


NoSQL database: A way to store A NoSQL database differs from a relational database in that it provides a 

and retrieve data that is modeled using means to store and retrieve data that is modeled using some means other 

Bore means ONGAN: me Simple than the simple two-dimensional tabular relations used in relational data- 

two-dimensional tabular relations used : , x : 

intalational databases. bases. Such databases are being used to deal with the variety of data found in 
big data and Web applications. A second difference is that NoSQL databases 
have the capability to spread data over multiple servers so that each server 
contains only a subset of the total data. This so-called horizontal scaling 
capability enables hundreds or even thousands of servers to operate on the 
data, providing faster response times for queries and updates. Most relational 
database management systems have problems with such horizontal scaling 
and instead require large, powerful, and expensive proprietary servers and 
large storage systems. 

A third difference between relational and NoSQL databases is that NOSQL 
database do not require a predefined schema; data entities can have attributes 
edited or assigned to them at any time. If a new entity or attribute is discov- 
ered, it can be added to the database dynamically, extending what is already 
modelled in the database. 

A fourth difference is that NoSQL databases do not conform to true ACID 
properties when processing transactions. Instead they provide for “eventual 
consistency” in which database changes are propagated to all nodes eventually 
(typically within milliseconds), so it is possible that user queries for data might 
not return the most current data. 

The choice of a relational database management system versus a NoSQL 
solution depends on the problem that needs to be addressed. Often, the data 
structures used by NoSQL databases are more flexible than relational data- 
base tables and, in many cases, they can provide improved access speed and 
redundancy. 

The four main categories of NoSQL databases and offerings for each cat- 
egory are shown in Table 6.4 and summarized below. Note that some NoSQL 
database products can meet the needs of more than one category. 


e Key-value NoSQL databases are similar to SQL databases, but have only 
two columns (“key” and “value”), with more complex information some- 
times stored within the “value” columns. 

e Document NoSQL databases are used to store, retrieve, and manage 
document-oriented information, such as social media posts and 
multimedia, also known as semi-structured data. 

e Graph NoSQL databases are used to understand the relationships among 
events, people, transactions, locations, and sensor readings and are well- 
suited for analyzing interconnections such as when extracting data from 
social media. 

e Column NoSQL databases store data in columns, rather than in rows, and 
are able to deliver fast response times for large volumes of data. 
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Hadoop: An open-source software 
framework including several software 
modules that provide a means for 
storing and processing extremely large 
data sets. 


Hadoop environment 

Hadoop can be used as a staging 
area for data to be loaded into a 
data warehouse or data mart. 


TABLE 6.4 Popular NoSQL database products, by category 


Key-Value Document Graph Column 
Redis Lotus Notes Allegro Accumulo 
Couchbase Server Couchbase Server Neo4J Cassandra 
Oracle NoSQL Database Oracle NoSQL Database InfiniteGraph Druid 
OrientDB OrientDB OrientDB Vertica 
HyperDEX MongoDB Virtuoso HBase 


Predix is a software platform created by General Electric for the collection 
and analysis of large volumes of data from industrial devices. Couchbase Mobile, 
a NoSQL database, is used to store the data.° Qantas built a flight application 
using Predix to collect data (wind speeds, ambient temperatures, weight of the 
plane, maximum thrust, fuel consumption, etc.) about each of its aircraft during 
flight. This data is analyzed to help pilots make decisions to minimize fuel con- 
sumption and reduce carbon emissions while still meeting flight schedules.’ 

Amazon DynamoDB is a NoSQL database that supports both document and 
key-value store models. MLB Advanced Media (MLBAM) used DynamoDB to 
build its innovative Player Tracking System, which reveals detailed information 
about the nuances and athleticism of the game. Fans, broadcasters, and teams 
are finding this new data entertaining and useful. The system takes in data 
from ballparks across North America and provides enough computing power 
to support real-time analytics and produce results in seconds.’ 


Hadoop is an open-source software framework that includes several software 
modules that provide a means for storing and processing extremely large 
data sets, as shown in Figure 6.4. Hadoop has two primary components: a 
data processing component (a Java-based system called MapReduce, which is 
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Hadoop Distributed File 
System (HDFS): A system used for 
data storage that divides the data into 
subsets and distributes the subsets 
onto different servers for processing. 


MapReduce program: A 
composite program that consists of a 
Map procedure that performs filtering 
and sorting and a Reduce method that 
performs a summary operation. 


in-memory database (IMDB): A 
database management system that 
stores the entire database in random 
access memory (RAM). 
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discussed in the next section) and a distributed file system called the Hadoop 
Distributed File System (HDFS) for data storage. Hadoop divides data into 
subsets and distributes the subsets onto different servers for processing. A 
Hadoop cluster may consist of thousands of servers. In a Hadoop cluster, a 
subset of the data within the HDFS and the MapReduce system are housed 
on every server in the cluster. This places the data processing software on the 
same servers where the data is stored, thus speeding up data retrieval. This 
approach creates a highly redundant computing environment that allows the 
application to keep running even if individual servers fail. 

A MapReduce program is composed of a Map procedure that performs filter- 
ing and sorting (such as sorting customer orders by product ID into queues, with 
one queue for each product ID) and a Reduce method that performs a summary 
operation (such as counting the number of orders in each queue, thus determin- 
ing product ID frequencies). MapReduce employs a JobTracker that resides on 
the Hadoop master server as well as TaskTrackers that sit on each server within 
the Hadoop cluster of servers. The JobTracker divides the computing job up into 
well-defined tasks and moves those tasks out to the individual TaskTrackers on the 
servers in the Hadoop cluster where the needed data resides. These servers operate 
in parallel to complete the necessary computing. Once their work is complete, the 
resulting subset of data is reduced back to the central node of the Hadoop cluster. 

For years, Yahoo! used Hadoop to better personalize the ads and articles 
that its visitors see. Now Hadoop is used by many popular Web sites and ser- 
vices (such as eBay, Etsy, Twitter, and Yelp). Verizon Wireless uses big data 
to perform customer churn analysis to get a better sense of when a customer 
becomes dissatisfied. Hadoop allows Verizon to include more detailed data 
about each customer, including clickstream data, chats, and even social media 
searches, to predict when a customer might switch to a new carrier. 

Hadoop has a limitation in that it can only perform batch processing; it 
cannot process real-time streaming data such as stock prices as they flow into 
the various stock exchanges. However, Apache Storm and Apache Spark are 
often integrated with Hadoop to provide real-time data processing. Apache 
Storm is a free and open source distributed real-time computation system. 
Storm makes it easy to reliably process unbounded streams of data. Apache 
Spark is a framework for performing general data analytics in a distributed 
computing cluster environment like Hadoop. It provides in memory computa- 
tions for increased speed of data processing. Both Storm and Spark run on top 
of an existing Hadoop cluster and access data in a Hadoop data store (HDFS). 

Medscape MedPulse is a medical news app for iPhone and iPad users that 
enables health care professionals to stay up-to-date on the latest medical news 
and expert perspectives. The app uses Apache Storm to include an automatic 
Twitter feed (about 500 million tweets per day are tweeted on Twitter) to help 
users stay informed about important medical trends being shared in real time 
by physicians and other leading medical commentators.” 


In-Memory Databases 


An in-memory database (IMDB) is a database management system that stores 
the entire database in random access memory (RAM). This approach provides 
access to data at rates much faster than storing data on some form of secondary 
storage (e.g., a hard drive or flash drive) as is done with traditional database 
management systems. IMDBs enable the analysis of big data and other chal- 
lenging data-processing applications, and they have become feasible because 
of the increase in RAM capacities and a corresponding decrease in RAM costs. 
In-memory databases perform best on multiple multicore CPUs that can pro- 
cess parallel requests to the data, further speeding access to and processing of 
large amounts of data.'! Furthermore, the advent of 64-bit processors enabled 
the direct addressing of larger amounts of main memory. Some of the leading 
providers of IMDBs are shown in Table 6.5. 
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Critical 
Thinking 
Exercise 


TABLE 6.5 IMDB providers 


Database Software 


Manufacturer Product Name Major Customers 
Altibase HDB E*Trade, China Telecom 
Oracle Times Ten Lockheed Martin, 


Verizon Wireless 


SAP High-Performance Analytic eBay, Colgate 
Appliance (HANA) 
Software AG Terracotta Big Memory AdJuggler 


KDDI Corporation is a Japanese telecommunications company that pro- 
vides mobile cellular services for some 40 million customers. The company 
consolidated 40 existing servers into a single Oracle SuperCluster running the 
Oracle Times Ten in-memory database to make its authentication system that 
manages subscriber and connectivity data run faster and more efficiently. This 
move reduced its data center footprint by 83 percent and power consumption 
by 70 percent while improving the overall performance and availability of the 
system. As a result, system costs were reduced, and customer service improved.” 


Netflix Uses Analytics to Pick Winners 
æ ANALYTICAL THINKING 


Netflix users generate a large amount of detailed information about their inter- 
ests, tastes, and viewing habits. It uses this data and analytics to generate viewing 
recommendations which users appreciate because they are usually right. Netflix 
also uses data and analytics to predict user demand for the many productions it is 
considering adding to its lineup. When Netflix cuts a deal with talent like Martin 
Scorsese, Ryan Reynolds, or the Obamas, it is based on a data model that predicts 
the probability of success of a certain combination of talent, likely plots, and 
other factors. Not only can Netflix predict the probability of success, it can predict 
with a high degree of accuracy which of its subscribers will watch a given series. 


Review Questions 


1. What tools and technologies might Netflix use to store and process all this data? 
2. Why may have it been necessary to perform an ETL process on all this data? 


Critical Thinking Questions 

1. Netflix recently eliminated its five-star review system and stopped capturing 
user-submitted reviews. Instead, it now employs a simpler “thumbs up/thumbs 
down” feature. Netflix also implemented a personalized match score that aims 
to pair viewers up with their ideal content based on their viewing habits. 
Such a change seems almost counterintuitive for an organization that wants to 
understand its viewers’ interests. Can you offer an explanation for this change? 

2. Would there be value to augmenting Netflix sourced data with data from social 
media networks or Internet searches? What additional value might this data add? 


Analytics and Business Intelligence 5 A 


The terms business intelligence (BI) and analytics are often used interchange- 
ably, however, there is a difference. BI is used to analyze historical data to tell 
what happened or is happening right now in your business. BI helps the orga- 
nization to learn from past mistakes, build on past successes. This knowledge 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


business intelligence (BI): A 
wide range of applications, practices, 
and technologies for the extraction, 
transformation, integration, 
visualization, analysis, interpretation, 
and presentation of data to support 
improved decision making. 


analytics: The extensive use of data 
and quantitative analysis to support 
fact-based decision making within 
organizations. 
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can then be fed into the initiative planning process, imitating what works and 
altering what doesn’t. Analytics employs algorithms to determine relationships 
among data to develop predictions of what will happen in the future. This 
enables the organization to anticipate new developments and make changes 
now to improve future outcomes. 

Business intelligence (BI) includes a wide range of applications, 
practices, and technologies for the extraction, transformation, integration, 
visualization, analysis, interpretation, and presentation of data to support 
improved decision making. The data used in BI is often pulled from multiple 
sources and may come from sources internal or external to the organization. 
Many organizations use this data to build data warehouses, data marts, and 
data lakes, for use in BI applications. Users, including employees, custom- 
ers, and authorized suppliers and business partners, may access the data 
and BI applications via the Web or through organizational intranets and 
extranets—often using mobile devices, such as smartphones and tablets. 
The goal of business intelligence is to get the most value out of information 
and present the results of analysis in an easy to understand manner that the 
layman can understand. 

Analytics can be defined as the extensive use of data and quantitative 
analysis to support fact-based decision making within organizations. Business 
analytics can be used to gain a better understanding of current business per- 
formance, reveal new business patterns and relationships, explain why certain 
results occurred, optimize current operations, and forecast future business 
results. 

Often the data used in BI and analytics must be gathered from a variety of 
sources. Envoy is a visitor registration product that eliminates the traditional 
paper and pen sign-in process and replaces it with an efficient iPad sign-in 
process. Instant notifications triggered at sign-in alert your employees that 
their visitor has arrived. Visitors can be notified of your specific site policies, 
right when they sign in. Any forms necessary for the visit (e.g., confidential 
nondisclosure) can be presented for signature and a record captured for legal 
purposes. 

Envoy had lots of data about how potential customers went through the 
firm’s various sales funnels including Google, Facebook, company Web site, 
free trial subscription, and salesperson conversation. The problem was this data 
was stored in five different systems and the data was not easily shareable or 
able to be combined. As a result, the firm lacked a clear view of how custom- 
ers went through any of its conversion funnels. The organization moved to a 
data warehouse solution to store all this data and make it useable by the entire 
organization. This gave the Envoy team the full picture of how it converted 
potential customer to customer. The firm learned that its trials to paid customer 
conversions were a lot lower than originally thought. It became clear that its 
onboarding process wasn’t as effective as it needed to be in getting users fully 
activated. So, the firm created a new setup guide to take people through the 
on-boarding steps easier.” 


Benefits Achieved from BI and Analytics 


BI and analytics are used to achieve a number of benefits as illustrated in the 
following examples: 


e Detect fraud. MetLife implemented analytical software to help its special 
investigations unit (SIU) identify medical provider, attorney, and repair 
shop fraud. Although an accident claim may not have enough data to be 
flagged as suspicious when it is first filed, as more claim data is added, a 
claim is continually rescored by the software. After the first six months of 
using the software, the number of claims under investigation by the SIU 
increased 16 percent." 
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data scientist: An individual who 
combines strong business acumen, a 
deep understanding of analytics, and a 
healthy appreciation of the limitations 
of data, tools, and techniques to 
deliver real improvements in decision 
making. 


e Improve forecasting. Kroger serves customers in 2,422 supermarkets and 
1,950 in-store pharmacies. The company found that by better predicting 
pharmacy customer demand, it could reduce the number of prescriptions 
that it was unable to fill because a drug is out of stock. To do so, Kroger 
developed a sophisticated inventory management system that could pro- 
vide employees with a visualization of inventory levels, adapt to user 
feedback, and support “what-if” analysis. Out-of-stock prescriptions have 
been reduced by 1.5 million per year, with a resulting increase in sales 
of $80 million per year. In addition, by carrying the right drugs in the 
right quantities, Kroger was able to reduce its overall inventory costs by 
$120 million per year." 

e Increase Sales. DaimlerChrysler and many other auto manufacturers 
set their suggested retail and wholesale prices for the year, then adjust 
pricing through seasonal incentives based on the impact of supply and 
demand. DaimlerChrysler implemented a price-elasticity model to opti- 
mize the company’s pricing decisions. The system enables managers 
to evaluate many potential incentives for each combination of vehicle 
model (e.g., Jeep Grand Cherokee), acquisition method (cash, finance, or 
lease), and incentive program (cash back, promotional APR, and a com- 
bination of cash back and promotional APR). The firm estimates that use 
of the system has generated additional annual sales of $500 million. 

e Optimize operations. Chevron is one of the world’s leading integrated 
energy companies. Its refineries work with crude oil that is used to make 
a wide range of oil products, including gasoline, jet fuel, diesel fuel, 
lubricants, and specialty products such as additives. With market prices 
of crude oil and its various products constantly changing, determining 
which products to refine at a given time is quite complex. Chevron uses 
an analytical system called Petro to aid analysts in advising the refineries 
and oil traders on the mix of products to produce, buy, and sell in order 
to maximize profit." 

e Reduce costs. Coca-Cola Enterprises is the world’s largest bottler and 
distributor of Coca Cola products. Its delivery fleet of 54,000 trucks is 
second in size to only to the U.S. Postal Service. Using analytics software, 
the firm implemented a vehicle-routing optimization system that resulted 
in savings of $45 million a year from reduced gas consumption and 
reduction in the number of drivers required.'® 


The Role of a Data Scientist 


A data scientist is an individual who combines strong business acumen, a 
deep understanding of analytics, and a healthy appreciation of the limita- 
tions of data, tools, and techniques to deliver real improvements in decision 
making. Data scientists do not simply collect and report on data; they view a 
situation from many angles, determine what data and tools can help further an 
understanding of the situation, and then apply the appropriate data and tools. 
They often work in a team setting with business managers and specialists 
from the business area being studied, market research and financial analysts, 
data stewards, information system resources, and experts highly knowledge- 
able about the company’s competitors, markets, products, and services. The 
goal of the data scientist is to uncover valuable insights that will influence 
organizational decisions and help the organization to achieve competitive 
advantage. 

Data scientists are highly inquisitive, continually asking questions, perform- 
ing “what-if” analyses, and challenging assumptions and existing processes. 
Successful data scientists have an ability to communicate their findings to 
organizational leaders so convincingly that they are able to strongly influence 
how an organization approaches a business opportunity. 
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The educational requirements for being a data scientist are quite rigorous— 
requiring a mastery of statistics, math, and computer programming. Most data 
scientist positions require an advanced degree, such as a master’s degree 
or a doctorate. Some organizations accept data scientists with undergradu- 
ate degrees in an analytical concentration, such as computer science, math 
and statistics, management information systems, economics, and engineering. 
American University, Boston University, Colorado Technical University, George 
Washington University, Syracuse University, University of California-Berkeley, 
and Villanova University are among the many schools that offer master’s degree 
programs related to BI and analytics. 

Many schools also offer career-focused courses, degrees, and certificates in 
analytical-related disciplines such as database management, predictive analyt- 
ics, BI, big data analysis, and data mining. Such courses provide a great way for 
current business and information systems professionals to learn data scientist 
skills. Most data scientists have computer programming skills and are familiar 
with languages and tools used to process big data, such as Hadoop, Hive, SQL, 
Python, R, and Java. 

The job outlook for data scientists is extremely bright. The McKinsey 
Global Institute (the business and economics research arm of the management 
consulting firm McKinsey & Co.) suggests that demand for data scientists could 
outpace supply by as many as 250,000 jobs in 2024.'° The average salary for 
a data scientist is $119,000. Highly talented, educated, and experienced data 
scientists can expect to earn in the neighborhood of $175,000.” 


Components Required for Effective BI and Analytics 


Three key components must be in place for an organization to get real value 
from its BI and analytics efforts. First and foremost is the existence of a solid 
data management program, including data governance. Recall that data man- 
agement is an integrated set of functions that defines the processes by which 
data is obtained, certified fit for use, stored, secured, and processed in such 
a way as to ensure that the accessibility, reliability, and timeliness of the data 
meet the needs of the data users within an organization. Data governance is 
the core component of data management; it defines the roles, responsibilities, 
and processes for ensuring that data can be trusted and used by the entire 
organization, with people identified and in place who are responsible for fixing 
and preventing issues with data. 

Another key component that an organization needs is creative data 
scientists—people who understand the business as well as the business ana- 
lytics technology, while also recognizing the limitations of their data, tools, and 
techniques. A data scientist puts all of this together to deliver real improve- 
ments in decision making with an organization. 

Finally, to ensure the success of a BI and analytics program, the manage- 
ment team within an organization must have a strong commitment to data- 
driven decision making. Organizations that can put the necessary components 
in place can act quickly to make superior decisions in uncertain and changing 
environments to gain a strong competitive advantage. 


Critical Location, Location, Location 


Thinking © ANALYTICAL THINKING 
Exercise 


The Marriott name encompasses numerous brands such as Courtyard, Element by 
Westin, Fairfield Inn and Suites, Residence Inn, Sheraton Four Points, and Starwood 
Hotels & Resorts. Collectively, these brands will open over 300 hotels each year. 
Building the right type of hotel in the right location is an essential element of 
Marriott’s success. Marriott employs big data and analytics plus Buxton, a customer 
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analytics company, to ensure its continuing success. Buxton collects data from 
116 million households including household profile; type of jobs held by family 
members; their salaries; where and how they spend their money; and even the 
type of jeans they buy. It combines this data with travel information—how often 
someone travels, is it for business or leisure, where do they live, and to where 
do they travel. Guest information data from each visit to a Marriott hotel is also 
gathered—length of stay, type of room, spending details from the hotel’s bar or 
restaurant. Analysis of all this data enables Bruxton to advise Marriott where the 
unmet demand is for additional hotels. Marriott can then make informed decisions 
related to future development such as “What type of hotel should we build in South 
Dakota around an oil field? How many and what type of hotels should we build 
near the beach in the Caribbean?””! 


Review Questions 

1. What are the key components that Buxton must put into place to create an 
environment for a successful BI and analytics program? 

2. What complications can arise trying to combine household data, travel infor- 
mation, and hotel guest data from the various Marriott brands? 


Critical Thinking Questions 


1. How would you distinguish between BI and analytics? How might Marriott 
employ BI to monitor what is happening right now in its business? 
2. Why would Marriott entrust Bruxton with advising it on such a key decision? 


Should Marriott develop its own internal resources to take over this role? Why 


or why not? 


This section introduces and provides examples of many BI and analytics tools. 
These tools can be classified into five broad categories: descriptive analysis, 
predictive analysis, optimization, simulation, and text and video analysis as 
shown in Table 6.6. 


Business Intelligence and Analytics Tools 


TABLE 6-6 General categories of Bl/analytic techniques 


General Categories of BI/Analytic Techniques 


Descriptive Analysis Simulation 


Predictive Analytics 


Optimization Text and Video Analysis 


Specific Techniques 


Visual analytics Time series analysis Genetic algorithm Scenario analysis Text analysis 


Monte Carlo 
simulation 


Linear 
programming 


Regression analysis Data mining Video analysis 


Descriptive Analysis 


Descriptive analysis: A 
preliminary data processing stage 
used to identify patterns in the data 
and answer questions about who, 
what, where, when, and to what extent. 


Descriptive analysis is a preliminary data processing stage used to identify 
patterns in the data and answer questions about who, what, where, when, 
and to what extent. It is used to provide information about what happened 
and why. You might see, for example, an increase in a stock price following 
a series of positive tweets on Twitter by popular market analysts. There are 
many descriptive analysis techniques. We will cover two: visual analytics and 
regression analysis. 
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visual analytics: The presentation 
of data in a pictorial or graphical 
format. 


word cloud: A visual depiction of a 
set of words that have been grouped 

together because of the frequency of 

their occurrence. 


FIGURE 6.5 
Word cloud 


This Word cloud shows the topics 
covered in this chapter. 


conversion funnel: A graphical 
representation that summarizes the 
steps a consumer takes in making 
the decision to buy your product and 
become a customer. 
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Visual Analytics 

Visual analytics is the presentation of data in a pictorial or graphical format. 
The human brain works such that most people are better able to see signifi- 
cant trends, patterns, and relationships in data that is presented in a graphical 
format rather than in tabular reports and spreadsheets. As a result, decision 
makers welcome data visualization software that presents analytical results 
visually. In addition, representing data in visual form is a recognized tech- 
nique to bring immediate impact to dull and boring numbers. A wide array of 
tools and techniques are available for creating visual representations that can 
immediately reveal otherwise difficult-to-perceive patterns or relationships in 
the underlying data. 

Many companies now troll Facebook, Google Plus, LinkedIn, Pinterest, 
Tumblr, Twitter, and other social media feeds to monitor any mention of their 
company or product. Visual analytics tools can take that raw data and imme- 
diately provide a rich visual that reveals precisely who is talking about the 
product and what they are saying. Techniques as simple and intuitive as a 
word cloud can provide a surprisingly effective visual summary of conver- 
sations, reviews, and user feedback about a new product. A word cloud is a 
visual depiction of a set of words that have been grouped together because of 
the frequency of their occurrence. Word clouds are generated from analyses 
of text documents or Web pages. Using the text from these sources, a simple 
count is carried out on the number of times a word or phrase appears. Words 
or phrases that have been mentioned more often than other words or phrases 
are shown in a larger font size and/or a darker color, as shown in Figure 6.5. 
ABCya, Image Chef, TagCloud, ToCloud, Tagul, and Wordle are examples of 
word cloud generator software. 
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A conversion funnel is a graphical representation that summarizes the 
steps a consumer takes in making the decision to buy your product and 
become a customer. It provides a visual representation of the conversion data 
between each step and enables decision makers to see what steps are causing 
customers confusion or trouble. Figure 6.6 shows a conversion funnel for an 
online sales organization. It shows where visitors to a Web site are dropping 
off the successful sales path. 
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FIGURE 6.6 
The conversion funnel os Visit Visit 
The conversion funnel shows the Visit 
key steps in converting a consumer 
to a buyer. 


Visit 
‘S visit 


Cart additions 
23% 


Checkouts 
11% 


Purchases 
3% 


Dozens of data visualization software products are available for creat- 
ing various charts, graphs, infographics, and data maps (see Figure 6.7). 
Some of the more common products include Google Charts, iCharts, 
Infogram, Modest Maps, SAS Visual Statistics, and Tableau. These tools 
make it easy to visually explore data on the fly, spot patterns, and quickly 
gain insights. 


Age vs. Weight comparison 
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FIGURE 6.7 s 
Data visualization 5.0 g 
This scatter diagram shows the Pe 
relationship between age and 25 
weight. 
Source: “Visualization: Scatter Chart,” 
Google Charts, https://developers.google aa 25 5.0 75 10.0 125 15.0 
.com/chart/interactive/docs/gallery/ 
scatterchart, accessed April 10, 2019. Age 
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regression analysis: A method for 
determining the relationship between 
a dependent variable and one or more 
independent variables. 


predictive analytics: A set of 
techniques used to analyze current 
data to identify future probabilities and 
trends, as well make predictions about 
the future. 


time series analysis: The use 

of statistical methods to analyze time 
series data and determine useful 
statistics and characteristics about the 
data. 


data mining: A BI analytics tool 
used to explore large amounts of 
data for hidden patterns to predict 
future trends and behaviors for use in 
decision making. 
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Regression Analysis 

Regression analysis involves determining the relationship between a depen- 
dent variable (y) and one or more independent variables (x,,x,,---x,). It is a 
proven method for determining which variables have an impact on the depen- 
dent variable. It also enables you to determine which factors (independent 
variables) matter most, which factors can be ignored, and how these factors 
influence each other. Regression analysis produces a regression equation where 
the coefficients represent the relationship between each independent variable 
and the dependent variable. The regression equation can be used to make 
predictions. 

A pharmaceutical company might use regression analysis to predict its 
shelf life to meet FDA regulations and identify a suitable expiration date for 
the drug. The dependent variable would be shelf life. The dependent variables 
could be the average temperature and relative humidity at which the drug will 
be stored. 


Estimated shelf life = a + b X temperature + c X relative humidity 


Estimates of the parameter values (a, b, and c) are used to develop a ten- 
tative regression equation. Various tests are then used to assess if the model is 
sufficiently accurate. If the model is deemed satisfactory, the regression equa- 
tion can be used to predict the value of the dependent variable given values 
for the independent variables. 


Predictive Analytics 


Predictive analytics is a set of techniques used to analyze current data to iden- 
tify future probabilities and trends, as well make predictions about the future. 
Predictive analytics can employ many different techniques. These techniques 
capture relationships among the many variables in a problem and enable one 
to assess the risk or potential opportunity associated with a specific set of 
conditions. This section will discuss two predictive analytics techniques—time 
series analysis and data mining. 


Time Series Analysis 
Time series data is a sequence of well-defined data points measured at uniform 
time intervals over a long period of time. An example would be the hourly 
temperature, humidity, and barometric pressure at the end of the pier at Malibu 
Beach, CA dating back to 1976. Other examples include daily high and low 
stock prices, daily home energy usage, and your weight at 11 am each day. 
All are examples of time series data that can be collected at regular intervals. 
Time series analysis is the use of statistical methods to analyze time 
series data and extract meaningful statistics and characteristics about the data. 
Time series analysis can be used to solve such problems such as predicting 
hour-by-hour the number of patients in a hospital emergency room so staff- 
ing levels can be optimized, forecasting future product demand to determine 
how much production and raw materials are required, and more. Time series 
analysis helps us understand what the underlying forces leading to a particular 
trend in the time series data points are. It is used in forecasting and monitoring 
the data points by fitting appropriate models to it. Time series analysis can be 
used to understand the past as well as forecast the future. 


Data Mining 


Data mining is a BI analytics tool used to explore large amounts of data for 
hidden patterns to predict future trends and behaviors for use in decision 
making. Used appropriately, data mining tools enable organizations to make 
predictions about what will happen so that managers can be proactive in cap- 
italizing on opportunities and avoiding potential problems. 
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Among the three most commonly used data mining techniques are associ- 
ation analysis (a specialized set of algorithms sorts through data and forms sta- 
tistical rules about relationships among the items), neural computing (historical 
data is examined for patterns that are then used to make predictions), and case- 
based reasoning (historical if-then-else cases are used to recognize patterns). 


Cross-Industry Process for The Cross-Industry Process for Data Mining (CRISP-DM) is a six-phase 
Data Mining (CRISP-DM): A structured approach for the planning and execution of a data mining project (see 


six-phase structured approach for 
the planning and execution of a data 
mining project. 


Figure 6.8). It is a robust and well-proven methodology, and although it was first 
conceived in 1999, it remains the most widely used methodology for data mining 
projects.” The goals for each step of the process are summarized in Table 6.7. 


Business 
understanding 


Data 
understanding 


Data 
preparation 


Deployment 


FIGURE 6.8 


The Cross-Industry Process 


for Data Mining (CRISP-DM) 
CRISP-DM provides a structured 
approach for planning and 
executing a data mining project. 
Source: Piatetsky, Gregory, “CRISP-DM, 
Still the Top Methodology for Analytics, 
Data Mining, or Data Science Projects,” 
KDNuggets, October 28, 2014, www 
.kdnuggets.com/2014/10/crisp-dm-top- 
methodology-analytics-data-mining-data- 
science-projects. html. 


Modeling 


Evaluation 


TABLE 6.7 Goals for each phase of CRISP-DM 


Phase Goal 


Business understanding © Clarify the business goals for the data mining 
project, convert the goals into a predictive analysis 
problem, and design a project plan to accomplish 
these objectives. 


Data understanding © Gather data to be used (may involve multiple 
sources), become familiar with the data, and identify 
any data quality problems (lack of data, missing data, 
data needs adjustment, etc.) that must be addressed. 


Data preparation © Select a subset of data to be used, clean data to 
address quality issues, and transform data into 
form suitable for analysis. 


Modeling e Apply selected modelling techniques. 
Evaluation e Assess if the model achieves business goals. 
Deployment è Deploy the model into the organization’s decision- 


making process. 


SOURCE: Leaper, Nicole, “A Visual Guide to CRISP-DM Methodology,” hitps://exde files.wordpress. 
com/2009/03/crisp_visualguide.pdf, accessed September 9, 2018. 
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genetic algorithm: A technique 
that employs a natural selection-like 
process to find approximate solutions 
to optimization and search problems. 


Linear programming: A technique 
for finding the optimum value 

(largest or smallest, depending on 

the problem) of a linear expression 
(called the objective function) that is 
calculated based on the value of a set 
of decision variables that are subject to 
a set of constraints. 
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Here are a few examples showing how data mining can be used: 


e Based on past responses to promotional mailings, identify those consum- 
ers most likely to take advantage of future mailings. 

e Examine retail sales data to identify seemingly unrelated products that 
are frequently purchased together. 

e Monitor credit card transactions to identify likely fraudulent requests for 
authorization. 

e Use hotel booking data to adjust room rates to maximize revenue. 

e Analyze demographic data and behavior data about potential customers 
to identify those who would be the most profitable customers to recruit. 

e Study demographic data and the characteristics of an organization’s most 
valuable employees to help focus future recruiting efforts. 

e Recognize how changes in an individual’s DNA sequence affect the risk 
of developing common diseases such as Alzheimer’s or cancer. 


Optimization 
Optimization techniques are used every day in the organization, often to allo- 
cate scarce resources in such a manner as to minimize costs or maximize profits. 


Genetic Algorithm 

Darwinism is a theory of biological evolution credited to the English natural- 
ist Charles Darwin. The theory states that all species of organisms arise and 
develop through the natural selection of small, inherited variations. These 
variations increase the individual’s ability to survive, compete, and reproduce. 
As random genetic mutations occur within an organism’s genetic code, the ben- 
eficial mutations are preserved and passed on to the next generation because 
they aid survival. This process is known as “natural selection.” 

A genetic algorithm is a technique that employs a natural selection-like 
process to find approximate solutions to optimization and search problems. 
Genetic algorithms are typically implemented as a computer simulation. The 
simulation starts with a population of abstract representations (called chromo- 
somes) of candidate solutions (called individuals) to an optimization problem. 
Through computer simulation, this initial population gradually evolves toward 
better and better solutions. In each generation, the fitness of the whole pop- 
ulation is evaluated. Then multiple individuals are selected from the current 
population (based on their fitness) and modified (mutated or recombined) to 
form a new population. The new population is then used in the next iteration 
of the algorithm. This process is depicted in Figure 6.9. 

Facebook has many large data centers spread across the United States. These 
data centers transfer lots of data across its network from site to site. Traffic vol- 
ume varies based on time of day and day of the month. Facebook used a genetic 
algorithm to design and build that network. The algorithm determined where 
to put the various network nodes, how many data routers to use, and where 
to put them. In just a few minutes the genetic algorithm was able to come up 
with a solution that was 25 percent cheaper than previous manual solutions.” 


Linear Programming 
Linear programming is a technique for finding the optimum value (largest or 
smallest, depending on the problem) of a linear expression (called the objective 
function) that is calculated based on the value of a set of decision variables that 
are subject to a set of constraints. For a problem to be a linear programming 
problem, the decision variables, objective function, decision variables, and 
constraints all must be linear functions. 

Solver is a Microsoft Excel add-in program for solving linear programming 
problems. It can find an optimal (maximum or minimum) value for a formula 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


230 PART 2 @ Technology Infrastructure 


FIGURE 6.9 


Multi-step process of genetic 
algorithm 


Scenario analysis: A process 
for predicting future values based on 
certain potential events. 


Create initial population 
Set mutation and crossover rate 
Set termination criteria 


Perform fitness evaluation 


Display results 


Mutation | 


Y 
Generate new population 


in one cell (the objective cell) subject to constraints, or limits, set on the values 
of other variables (decision variables) used to compute the formulas in the 
objective and constraint cells. Solver adjusts the values in the decision variable 
cells to satisfy the limits set by the constraint cells and produce the optimal 
value for the objective cell. 


Simulation 


Computer simulation involves using a model expressed in the form of a com- 
puter program to emulate the dynamic responses of a real-world system to var- 
ious inputs. The model is composed of equations that duplicate the functional 
relationships within the real system. Simulation has been used to analyze and 
understand many systems including the formation of the universe, the behavior 
of molecules, the operation of complex production processes, the spread of 
disease, the performance of aircraft and automobiles, and patterns of traffic 
flow in a highway system—these are just a few examples. 


Scenario Analysis 


Scenario analysis is a process for predicting future values based on certain 
potential events. For example, marketing analysts use scenario analysis to pre- 
dict the results of a new marketing campaign if specific events occur or do 
not occur. The act of creating scenarios forces the decision makers to examine 
their assumptions about the future. By shaping their plans and decisions based 
on the most likely scenarios, they can ensure that their decisions are flexible 
even if circumstances change. Scenario analysis also helps identify potential 
problems and enables people to plan and prepare to handle them. It is used 
to help decide which of several courses of action to take. 

The method causes decision makers to define several scenarios that gen- 
erate different possible outcomes. Each scenario is different—while some are 
pessimistic, others might be optimistic, but each should be plausible. Most 
experts recommend the most appropriate number of different scenarios when 
discussing future strategies is three. Four or more scenarios make the analysis 
too complicated. 
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Monte Carlo simulation: A 
simulation that enables you to see a 
spectrum of thousands of possible 
outcomes, considering not only the 
many variables involved, but also the 
range of potential values for each of 
those variables. 


text analysis: A process for 
extracting value from large quantities 
of unstructured text data. 


video analysis: The process of 
obtaining information or insights from 
video footage. 
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Monte Carlo Simulation 


A Monte Carlo simulation is a simulation that enables you to see a spectrum 
of thousands of possible outcomes, considering not only the many variables 
involved, but also the range of potential values for each of those variables. 
Depending upon the number of variables and their probability distribution (a 
statistical function that describes all the possible values and likelihoods that a 
random variable can take within a given range), a Monte Carlo simulation can 
involve thousands or tens of thousands of individual forecasts or iterations 
before it is complete. The technique is used by decision makers in many fields, 
especially finance, project management, manufacturing, engineering, insurance, 
oil & gas, transportation, and the environment. 

Monte Carlo simulation is the primary technique used in financial plan- 
ning to analyze how long a retiree’s nest egg will last based on a given port- 
folio withdraw rate, current portfolio value, and the percent of the portfolio 
invested in each asset class (e.g., stocks and bonds). A probability distribution 
is determined for the return for each asset class based on data going back as 
far as 1926. The simulation then chooses a value for the return of each asset 
class based on its probability distribution and calculates the portfolio value 
at the end of the year using the given withdrawal rate. That completes the 
year 1 simulation for iteration number 1. The simulation is repeated again for 
year 2, year 3,... year n with a new value selected for the return on each asset 
class for each year. This simulation is repeated again and again for iteration 
2 (year 2), iteration 3 (year 3) . . . iteration n (year n). Upon completion, the 
financial planner is presented with a whole distribution of results showing how 
long the portfolio might last. For example, the results may show that of the 
10,000 iterations run, in only 20 percent of the simulations did the portfolio 
last 20 or more years. 


Text and Video Analysis 


Text and video analysis involves various techniques to view text and video to 
glean insights and data relevant to decision making. 


Text Analysis 

Text analysis is a process for extracting value from large quantities of unstruc- 
tured text data such as consumer comments, social media postings, and cus- 
tomer reviews. It can be used to recognize patterns, perform sentiment analysis, 
tag and annotate data, and information retrieval. (Sentiment analysis seeks to 
determine the attitude of an individual or group regarding a particular topic 
or overall context.) 

Oshkosh Corporation is a U.S. industrial company that designs and builds 
specialty trucks, military vehicles, truck bodies, airport fire apparatus, and 
access equipment. It uses free-form service call records to systematize technical 
support operations and prioritize engineering improvements. Unstructured text 
data from support calls is used to identify common problems and pair sources 
of malfunction with verified solutions that have proven successful in the past. 
This has led to a major reduction in incident resolution time thus cutting labor 
costs and improving customer satisfaction. In addition, understandings gained 
from data analysis help guide engineering efforts to preempt mechanical prob- 
lems in products currently under development.” 


Video analysis 


Video analysis is the process of obtaining information or insights from video 
footage. It is used to identify trends and patterns. Many airports use visual 
analysis technology to ease congestion as passengers travel through airport 
security. The Orlando International Airport is one of the busiest in the country 
with over 44 million passengers each year. The airport implemented a visual 
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analytics system that employs Bluetooth, cameras, and Wi-Fi sensors to calcu- 
late passenger throughput. This data is fed into various algorithms that predict 
passenger wait times at security checkpoints. The airport states that the system 
has reduced wait times by enabling the Transportation Security Administration 
(TSA) to shuffle resources.” 


Popular Bl/Analytics Software 


Widely used BI software comes from many different vendors, including Hewlett 
Packard, IBM, Information Builders, Microsoft, Oracle, and SAP, as shown in 
Table 6.8. Vendors such as JasperSoft and Pentaho also provide open-source 
BI software, which is appealing to some organizations. 


TABLE 6.8 Widely used BI software 


Vendor Product Description 

HP Autonomy IDOL Enables organizations to process unstructured as well as structured data; the 
software can examine the intricate relationships between data to answer the 
crucial question “Why has this happened?” 

IBM Cognos Business Turns data into past, present, and future views of an organization’s operations 

Intelligence and performance so decision makers can identify opportunities and minimize 
risks; snapshots of business performance are provided in reports and 
independently assembled dashboards. 

Microsoft Power BI for Allows users to model and analyze data and query large data sets with powerful 

Office 365 natural-language queries; it also allows users to easily visualize data in Excel. 

Oracle Business Offers a collection of enterprise BI technology and applications; tools including 

Intelligence an integrated array of query, reporting, analysis, mobile analytics, data 
integration and management, desktop integration, and financial performance 
management applications; operational BI applications; and data warehousing. 

Oracle Hyperion Provides software modules to enable financial management; modules include 
those for budgeting, planning, and forecasting; financial reporting; database 
management; financial consolidation; treasury management; and analytics. 

SAS Enterprise BI Server Provides software modules to support query and analysis, perform OLAP 
processing, and create customizable dashboards; the software integrates with 
Microsoft Office. 

SAP Business Objects Offers a suite of applications that enable users to design and generate reports, 
create interactive dashboards that contain charts and graphs for visualizing 
data, and create ad hoc queries and analysis of data; also allows users to search 
through BI data sources. 

Self-Service Analytics 
self-service analytics: Training, Self-service analytics includes training, techniques, and processes that 
techniques, and processes that empower end users to perform their own analyses using an endorsed set of 


empower end users to work 
independently to access data from 
approved sources to perform their 


tools. Self-service analytics encourages nontechnical end users to make deci- 
sions based on facts and analyses rather than intuition. Using a self-service 


own analyses using an endorsed set analytics application, end users can gather insights, analyze trends, uncover 


of tools. 


opportunities and issues, and accelerate decision making by rapidly creating 
reports, charts, dashboards, and documents from any combination of informa- 
tion assets. Self-service analytics eliminates decision-making delays that can 
arise if all requests for data analyses must be made through a limited number 
of data scientists and/or information system resources. It also frees up these 
resources to do higher-level analytics work. Ideally, self-service analytics will 
lead to faster and better decision making. 

An organization can take several actions to ensure an effective self-service 
analytics program. First, to mitigate the risks associated with self-service 
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analytics, data managers should work with business units to determine key 
metrics, an agreed-upon vocabulary, processes for creating and publishing 
reports, the privileges required to access confidential data, and how to define 
and implement security and privacy policies. The information systems organi- 
zation should help users understand what data is available and recommended 
for business analytics. One approach to accomplishing this is to provide a 
data dictionary for use by end users. Training, on both the data and on the use 
of self-service applications, is critical for getting end workers up to speed on 
how they can use the information in the BI system. Finally, data privacy and 
security measures should be in place to ensure that the use of the data meets 
legal, compliance, and regulatory requirements. 

A well-managed self-service analytics program allows technology profes- 
sionals to retain ultimate data control and governance while limiting infor- 
mation systems staff involvement in routine tasks. Modern data management 
requires a true balancing act between enabling self-service analysis and pro- 
tecting sensitive business information. 

The advantages of self-service BI and analytics are that it gets valuable data 
into the hands of end users, it encourages fact-based decision making based on 
analysis, it accelerates decision making, and it provides a solution to the shortage 
of data scientists. The disadvantages are that it raises the potential for errone- 
ous analysis, can lead to analyses with inconsistent conclusions, can cause over 
spending on unapproved data sources and analytics tools, and may remove the 
necessary checks and balances on data preparation and use. Table 6.9 presents 
the advantages and disadvantages associated with self-service BI and analytics. 


TABLE 6.9 Advantage and disadvantages associated with self-service BI and analytics 


Advantages Disadvantages 


Gets valuable data into the hands of the people who need If not well managed, it can create the risk of erroneous 
it the most—end users. analysis and reporting, leading to potentially damaging 
decisions within an organization. 


Encourages nontechnical end users to make decisions 
based on facts and analyses rather than intuition. 


Different analyses can yield inconsistent conclusions, 
resulting in wasted time trying to explain the differences. 
Self-service analytics can also result in proliferating “data 
islands,” with duplications of time and money spent on 
analyses. 


Accelerates and improves decision making. 


Business people can access and use the data they need 
for decision making, without having to go to technology 
experts each time they have a new question, thus filling 
the gap caused by a shortage of trained data scientists. 


Can lead to over spending on unapproved data sources 
and business analytics tools. 


Can exacerbate problems by removing the checks and 
balances on data preparation and use. Without strong 
data governance, organizations can end up with lots of 
silos of information, bad analysis, and extra costs. 


For self-service analytics tools to be effective, they must be intuitive and 
easy to use. Business users simply don’t have the time to learn how to work 
with complex tools or sophisticated interfaces. A self-service analytics applica- 
tion will only be embraced by end users if it allows them to easily access their 
own customized information, without extensive training. Microstrategy, Power 
BI, Qlik, SAS Analytics, Tableau, and TIBCO Software are just a few examples 
of the dozens of software options available for self-service analytics. 

Expert Storybooks, a cloud-based, self-service analytics service from IBM’s 
Watson Analytics line, provides data analysis models that offer connections 
to a range of data sources, along with secure connections to corporate data. 
Expert Storybooks are tools for creating sophisticated data visualizations to 
help users find relevant facts and discover patterns and relationships to make 
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predictive decisions. There are several Expert Storybooks available, including 
one that uses baseball statistics from Scoutables to build predictions of player 
performance, enabling users to gain an edge over their fantasy baseball com- 
petitors. A variety of other Storybooks help end users incorporate weather data 
into revenue analysis; analyze social data to measure reputational risk; analyze 
marketing campaign data; identify and analyze trends in customer profitabil- 
ity; analyze market trends for investment strategy; and examine relationships 
among pay, performance, and credit risk.” 


Critical Miami University (Oxford, Ohio) 


Thinking © ANALYTICAL THINKING 
Exercise 


Miami University has an enrollment of nearly 20,000 students on its main campus in 
Oxford, Ohio. The cost of tuition and fees is around $15,000 plus another $13,000 
for room and board. Out-of-state students pay almost an additional $20,000 their 
first year. U.S. News & World Report has ranked Miami University in the top five 
schools for undergraduate teaching since 2011. It also described Miami University 
as having an “astoundingly beautiful” campus. 

Faculty and administrators at Miami University are gathering data to improve 
student success, retention, and graduation rates. This includes data to measure the 
spectrum of students they recruit in high school, data to show student progress 
toward graduation, data to show when and how the university can support them 
during their college career, and data to measure their graduation success and 
beyond. Predictive analytics is used to analyze much of this data to enable Miami 
University to better support students and, in many cases, take preemptive action 
prior to the student leaving the institution. 


Review Questions 


1. How would you define predictive analytics? What predictive analytics tech- 
niques might be used at Miami University? 

2. What three key organizational components must be in place for Miami Univer- 
sity to get real value from its predictive analytics program? 


Critical Thinking Questions 

1. Identify five likely sources of data that would be useful to track and/or improve 
the academic success, retention, and graduation rate of an individual student. 

2. Develop three examples of how predictive analytics might be used to trigger a 
planned student-faculty or administrator interaction to help a struggling student 
before the problem became too serious. 


Principle: 


We have entered an era where organizations are grappling with a tre- 
mendous growth in the amount of data available and struggling how to 
manage and make use of it. 

“Big data” is the term used to describe data collections that are so enor- 
mous and complex that traditional data management software, hardware, and 
analysis processes are incapable of dealing with them. Big data has five distin- 
guishing characteristics: volume, velocity, value, variety, and veracity. 

Organizations use big data to improve their day-to-day operations, plan- 
ning, and decision making. 
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There are many challenges associated with big data, including how to 
choose what subset of data to store, where and how to store the data, how to 
find those nuggets of data that are relevant to the decision making at hand, 
how to derive value from the relevant data, and how to identify which data 
needs to be protected from unauthorized access. 


Principle: 


A number of available tools and technologies allow organizations to take 
advantage of the opportunities offered by big data. 

Traditional online transaction processing (OLTP) systems put data into 
databases very quickly, reliably, and efficiently, but they do not support the 
types of data analysis that today’s businesses and organizations require. To 
address this need, organizations are building data warehouses specifically 
designed to support management decision making. 

A data warehouse is a large database that holds business information from 
many sources in the enterprise, covering all aspects of the company’s processes, 
products, and customers. 

An extract, transform, load process takes data from a variety of sources, 
edits and transforms it into the format to be used in the data warehouse, and 
then loads the data into the warehouse. 

Data marts are subdivisions of data warehouses and are commonly devoted 
to specific purposes or functional business areas. 

A data lake takes a “store everything” approach to big data, saving all the 
data in its raw and unaltered form. 

A NoSQL database provides a means to store and retrieve data that is 
modelled using some means other than the simple two-dimensional tabular 
relations used in relational databases. Such a database has the capability to 
spread data over multiple servers so that each server contains only a subset of 
the total data. The NoSQL does not require a predefined schema, data entities 
can have attributes edited or assigned to them at any time. NoSQL databases 
do not conform to true ACID properties when processing transactions. 

There are categories of NoSQL databases—key-value, document, graph, 
and column. 

Hadoop is an open-source software framework that includes several soft- 
ware modules that provide a means for storing and processing extremely large 
data sets. Hadoop has two primary components—a data processing component 
(MapReduce) and a distributed file system (Hadoop Distributed File System or 
HDFS) for data storage. Hadoop divides data into subsets and distributes the 
subsets onto different servers for processing. A Hadoop cluster may consist of 
thousands of servers. A subset of the data within the HDFS and the MapReduce 
system are housed on every server in the cluster. 

An in-memory database (IMDB) is a database management system that 
stores the entire database in random access memory to improve storage and 
retrieval speed. 


There are many business intelligence (BD and analytics techniques that 
can be used to support improved decision making. 

Business intelligence includes a wide range of applications, practices, and 
technologies for the extraction, transformation, integration, visualization, analysis, 
interpretation, and presentation of data to support improved decision making. It is 
used to tell what happened and what is happening right now in the organization. 

Analytics is the extensive use of data and quantitative analysis to support 
fact-based decision making within the organization. It is often used to develop 
predictions of what will happen in the future. 

BI and analytics help achieve the following kinds of benefits: detect fraud, 
improve forecasting, increase sales, optimize operations, and reduce costs. 
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A data scientist is an individual who combines strong business acumen, a 
deep understanding of analytics, and a healthy appreciation of the limitations 
of data, tools, and techniques to deliver real improvements in decision making. 

BI/analytics techniques can be divided into five categories: descriptive anal- 
ysis, predictive analytics, optimization, simulation, and text and video analysis. 

Descriptive analysis techniques include visual analytics and regression 
analysis used to perform preliminary analysis to identify patterns in the data 
and answer questions about who, what, where, when, and to what extent. 

Predictive analytics techniques include time series analysis and data mining 
used to analyze current data to identify future probabilities and trends, as well 
as make predictions about the future. 

Optimization techniques include genetic algorithms and linear program- 
ming used to allocate scarce resources in such a manner as to minimize costs 
or maximize profits. 

Simulation techniques include scenario analysis and Monte Carlo simula- 
tion used to emulate the dynamic responses of a real-world system to various 
inputs. 

Text and video analysis techniques include text analysis and video analysis 
used to glean insights and data relevant to decision making. 

Self-service analytics includes training, techniques, and processes that 
empower end users to work independently to access data from approved 
sources to perform their own analyses using an endorsed set of tools. 

The advantages of self-service BI and analytics are that it gets valuable data 
into the hands of end users, it encourages fact-based decision making based 
on analysis, it accelerates decision making, and it provides a solution to the 
shortage of data scientists. 

The disadvantages are that it raises the potential for erroneous analysis, 
can lead to analyses with inconsistent conclusions, can cause over spending on 
unapproved data sources and analytics tools, and may remove the necessary 
checks and balances on data preparation and use. 


analytics 
big data 
business intelligence 


conversion funnel 


in-memory database (IMDB) 
linear programming 
MapReduce program 


Monte Carlo simulation 


Cross-Industry Process for Data Mining (CRISP-DM) NoSQL database 


data lake 

data mart 

data mining 

data scientist 

data warehouse 
descriptive analysis 


predictive analytics 
regression analysis 
scenario analysis 
self-service analytics 
text analysis 


time series analysis 


Extract Load Transform (ETL) process video analysis 


genetic algorithm 


Hadoop 


visual analytics 


word cloud 


Hadoop Distributed File System (HDFS) 
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Self-Assessment Test 


We have entered an era where organizations are 9. 
grappling with a tremendous growth in the amount 

of data available and struggling to understand how 

to manage and make use of it. 


il, is a measure of the quality of 
big data. 

2. The fact that big data comes in many formats 
and may be structured or unstructured is an 
indicator of its : 

3. Choosing what data to store and where and how 
to store the data are two key challenges associ- 
ated with big data. True or False? 

4. is not a key challenge associ- 
ated with big data. 

a. How to derive value from the relevant data 

b. Which format the data should be stored in 

c. How to identify which data needs to be pro- 
tected from unauthorized access 

d. How to find those nuggets of data that are 
relevant to the decision making at hand 


10. 


The component of the 

Hadoop environment is composed of a 

procedure that performs filtering and sorting 

and a method that performs a summary 

operation. 

a. ETL 

b. Map/Reduce program 

c. JobTracker 

d. Hadoop Distributed File System 

The primary advantage associated with the use 

of an in-memory database to process big data is 

that ; 

a. it is much cheaper than secondary storage 

b. it provides access to data at rates much faster 
than storing data on some form of secondary 
storage 

c. it enables the storage of much larger amounts 
of data 

d. it enables the use of Hadoop procedures to 
process the data 


A number of available tools and technologies allow There, SEE Rany business intelligence (BI) and 
organizations to take advantage of the opportunities 40@lytics techniques that can be used to support 
offered by big data. improved decision making. 


Da AN is a large database that holds 11. 
business information from many sources in the 
enterprise, covering all aspects of the company’s 
processes, products, and customers. 

a. relational database 
b. data lake 

c. data warehouse 

d. data lake 

6. The goal of the step of the ETL 
process is to take the source data from all the 
various sources and convert it into a single for- 
mat suitable for processing. 

TA database enables hundreds 
or even thousands of servers to operate on the 
data, providing faster response times for queries 
and updates. 

NoSQL 

normalized 

SQL 

relational 12. 

differs from a 

in that it provides a means 

to store and retrieve data that is modelled 

using some means other than the simple 

two-dimensional tabular relations. 

a. data mart and NoSQL database 

b. data mart and data warehouse 

c. NoSQL database and relational database 

d. data warehouse and data lake 


Parr, 


The primary difference between 
business intelligence and analytics is that 


a. BI is used to analyze historical data to tell 
what happened or is happening right now in 
your business while analytics employs algo- 
rithms to determine relationships among data 
to develop predictions of what will happen in 
the future. 

b. analytics employs techniques like optimiza- 
tion, predictive analysis, and simulation while 
BI employs descriptive analysis and text and 
visual analysis. 

c. a data scientist is required to properly 
employ analytics while an end user 
working with a database administrator can 
employ BI. 

d. organizations used to employ BI but now are 
moving to greater use of analytics. 

An individual who combines strong business 

acumen, a deep understanding of analytics, 

and a healthy appreciation of the limitations 

of their data, tools, and techniques to deliver 

real improvements in decision making is a(n) 


systems analyst 
database administrator 
data scientist 

data steward 


aor. 
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13. 


The five broad categories of BI/analytics tech- 

niques include 

a. heuristics, predictive a simulation, 
data mining, and linear programming 

b. optimization, descriptive analytics, and text 
and video analysis, simulation, and predictive 
analytics 

c. regression analysis, data mining, Monte Carlo 
simulation, optimization, and time series 
analysis 

d. predictive analysis, scenario analysis, image 
analysis, optimization, and regression analysis 

Two specific BI/analytics techniques that are in 

the general category of descriptive analytics are 


a. data mining and linear programming 

b. scenario analysis and time series analysis 

c. regression analysis and visual analytics 

d. Monte Carlo simulation and genetic algorithm 
Data mining and time series belong in the gen- 
eral category of of BI/analytics. 
a. predictive analytics 

b. heuristics 

c. scenario analysis 

d. optimization 


Self-Assessment Test Answers 


Genetic algorithm and linear programming 
belong in the general category 
of BI/analytics. 

a. optimization 

b. scenario analysis 

c. heuristics 

d. predictive analytics 


. While there are three key components that must 


be in place for an organization to get real value 
from its BI and analytics efforts, the one that is 
first and foremost is the existence of a solid data 
management program. True or False? 
Encouragement of self-service analytics almost 
assuredly will eliminate the risk of erroneous 
analysis and reporting and the problem of differ- 
ent analyses yielding inconsistent conclusions. 
True or False? 


. Which of the following is not a disadvantage of 


self-service analytics? 

a. It raises the potential for erroneous analysis. 

b. It can lead to analyses with inconsistent 
conclusions. 

c. It can cause over spending on unapproved 
data sources and analytics tools. 

d. It places valuable data in the hands of end users. 


= 


SO RNAY RYN 


Veracity 
variety 
True 


Toop 


Review and Discussion Questions 


if 


2. 


Identify the five primary characteristics associ- 
ated with big data discussed in this chapter. 

This chapter presented five key challenges associ- 
ated with big data. Propose a sixth key challenge. 
Why do you believe this poses a major challenge? 
How does a data lake differ from a data ware- 
house? How does a data mart differ from a data 
lake, from a data warehouse? Briefly discuss any 
experience you have working with a data mart, 
data warehouse, or data lake. 

Briefly describe the purpose of each step in the 
ETL process. Would the purchase of high-quality 
data from a reputable third-party obliviate the 
need for any of the steps in the ETL process? 
Explain. 


5. 


6. 


In what ways is an SQL database different from 
a NoSQL database? 

Identify the two primary components of the 
Hadoop environment and the role that each 
plays. 

What is the primary reason an organization 
might elect to employ an in-memory database to 
process big data? 

The terms business intelligence and analytics are 
often used interchangeably. Are they the same or 
different? Explain. 

How would you describe the role of a data sci- 
entist? Is such a role of any interest to you? Why 
or why not? 
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10. Which broad category of BI/analytics might 


iil, 


Walmart employ to analyze the flow of shoppers 
through its stores? What might be the purpose 

of such an analysis? What broad category of BI/ 
analytics might Walmart use to analyze consumer 
comments and questions & comments to capture 
and quantify customer sentiment data? 

Which of the specific BI/analytic techniques 
discussed in this chapter have you employed? 
Briefly describe the situation in which you used 
the specific technique(s). Were you satisfied with 
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12. 


13. 


the process required to use this technique and 
the results it produced? Why or why not? Which 
specific technique(s) are you interested in learn- 
ing more about? 

What two key components in addition to a solid 
data management program must be in place for 
an organization to get real value from its BI and 
analytics efforts? 

The use of self-service analytics can introduce 
some new problems for an organization. Can 
you identify four potential issues? 


Business Driven Decision-Making Exercises 


1: 


Teamwork and Collaboration Activities 


1. 


Use one of the BI/analytics techniques to find 
the optimal solution to this problem. You make 
custom T-shirts with inspirational sayings on 
them. You just found out about a community flea 
market sale that is starting tomorrow. You have 
just 8 hours to prepare product for this sale. You 
start with a plain white T-shirt. This is your most 
popular color. But you can dye the white T-shirt 
blue, yellow, or red—but only one shirt at a 
time. Your current inventory is 50 white T-shirts 


Your Cost 
of Materials 


Time 


Required to 


Dye (Minutes) and Stencil 


White 0 $5 
Blue 20 $7 
Yellow 20 $7 
Red 40 $10 


You and many of your classmates are mourning 
the loss of one of your college friends. Your 
friend was highly successful in the business 
world and was a true humanitarian devoting 
much of his time and resources to those who 
needed help. You want to propose to your 


Imagine that you and your team have been hired 
by the football coach at the local university to 
develop a process to predict the academic suc- 
cess of students being considered for athletic 
scholarship. The school is currently on probation 
for the poor graduation rates of its football play- 
ers. The coach needs to make a big improvement 
or he will likely lose his job. What data might 
you consider using to develop an estimate of an 
athlete’s academic success? What BI/analytics 
techniques might you use? 


Including Dye 


and you have enough dye to make 12 red shirts, 
10 yellow shirts, and 15 blue shirts. You take the 
various color shirts to the sale and then stencil 
on an inspirational saying—whatever the cus- 
tomer wants up to 35 characters. 

Based on experience, you know that at a sale 
like this, you will be able to sell all 50 shirts. Use 
the data in the table below to determine how 
many shirts of each color you should bring to 
the sale to maximize your profits. 


You Have 

Enough Dye 

to Make This 

Many Shirts Profit 
50 $12 $7 
15 $15 $8 
10 $15 $8 
12 $16 $6 


Py 


classmates that you set up a foundation in his 
name to provide a $3,000 grant each year to 
one deserving student. Identify the data and 
two analytics techniques you could use to 
estimate how much money is needed for the 
foundation. 


Read the article “Why ‘Big Data’ Is a Big Deal” 
by Jonathan Shaw in the March-April 2014 
Harvard Magazine. What does Shaw think is the 
revolution in big data? Which of the many big 
data applications that he mentions do you find 
to be the most interesting? Why? You and your 
team have been selected to make a 10-minute 
presentation summarizing the key points of this 
article. 
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Career Exercises 


1. You are a certified financial planner working for 
a large bank that specializes in managing the 
retirement funds of its customers. One of the 
most frequently asked questions from your cli- 
ents is “How long will my retirement funds last?” 
Which general category of BI/analytics tools 
would you use to answer this question? What 
specific tools would be useful? 


2. Read the article and comments about “There’s 
No Such Thing as Big Data in HR” by Peter 
Cappelli in the June 2017 Harvard Business 
Review. Do you agree with the views expressed 
with the author? Why or why not? Can you 
identify a functional unit of a major organization 
has little or no use for analytics? 


ææ ANALYTICAL THINKING, APPLICATION 


Business Intelligence and Analytics in Major 
League Baseball 
Early in this century, the Oakland Athletics used readily 
available traditional player performance statistics in new 
ways to decide which players to put on the field, and this 
change led to better play and to several division-winning 
seasons. Their efforts were memorialized in Michael Lewis’s 
book Moneyball, and in the 2011 movie of the same name. 
Major league teams are now all using data analysis 
to improve player selection, player performance, in-game 
decision making, and player development. The techniques 
and tools now in use have moved way beyond what was 
described in Moneyball. Now, data on every pitch is captured 
by a doppler radar system that samples the ball position 
2,000 times a second. At the same time, the batter’s swing is 
recorded, capturing data about the ball’s speed as it comes 
off the bat and the ball’s launch angle. Cameras behind third 
base record the position of players on the field 30 times 
a second. A terabyte of data is captured each game. This 
is now done at all major and minor league parks, in most 
Division 1 college parks, and even at some high schools. 
This wealth of performance data is used as input to 
analytical software for a variety of purposes. Here are some 
examples: 


e In-game decision making: Teams can see where in the 
field each batter tends to hit the ball, and they now 
position fielders accordingly. Therefore you now often 
see three infielders to the right (or left, as the case 
may be) of second base, or four fielders in the out- 
field. These untraditional defensive configurations — 
rarely seen in baseball’s 150-year history—look strange 
to the average fan, but they are very effective in cut- 
ting down on base hits. 

¢ Player selection: Teams can acquire players from other 
teams, or sign players whose contracts with teams have 
run out. Teams have a rough idea of what pitchers they 
will face in a year and in what ball parks, which have 
different dimensions. From the data that is collected 
each game, a team can simulate how a batter would 
do against these pitchers in those parks during a full 
season. In this way a team can project which players 
would succeed with them and which might not. 


e Improved performance: Doppler radar-generated 
data shows in detail how each pitch was delivered — 
the ball’s spin, the way the ball was released by the 
pitcher, the ball’s direction and path taken, and other 
measures. Analysts are now able to show a pitcher 
how to change their delivery or motion for certain 
kinds of pitches. By analyzing data about his pitching, 
Justin Verlander revived his career after being traded 
to the Houston Astros. 


In 2011 the Houston Astros were one of baseball’s 
worst teams. They hired Jeff Luhnow away from the St. 
Louis Cardinals, one of the early leaders in the use of data 
analysis, to establish a program for the Astros. In a two-part 
McKinsey Quarterly interview, Luhnow described this work. 
Initially, many players were resistant to change, for exam- 
ple to new defensive configurations. But, upper manage- 
ment made it clear to all that the program would continue. 
A breakthrough occurred when (1) the club showed players 
how the data was gathered and used, and (2) assigned 
ex-players with software skills as coaches for the minor 
league teams to explain the program to players coming up. 
These moves generated trust and buy-in at all levels. Today, 
the Astros’ program is recognized as one of baseball’s best, 
and the Astros have been one of the most successful teams 
on the field. Many of Luhnow’s staffers have been hired 
away by other teams. 

Luhnow says data analysis in baseball will continue to 
evolve. In the future, he says, big data and artificial intelli- 
gence will be increasingly important. One area of interest is 
using biometric data to predict, and thus prevent, injuries, 
particularly to pitchers. 


Questions: 


1. Baseball executives typically call their analysis pro- 
grams “analytics”. Based on this chapter’s BI and Ana- 
lytics definitions, would you say that their programs 
are more Business Intelligence or more Analytics? Or, 
some of both? 

2. Excel is a popular and powerful program with a good 
statistical package. Why do you think baseball teams 
use tailored software applications for their data analy- 
sis, instead of Excel? 
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3. Baseball teams have used “scouts” to watch young 
men play at the high school and college levels. 
Scouts would report the evaluations to the front 
office, and players were hired based on these 
reports. Teams still do employ scouts to do this, but 
increasingly player potential is based on an analysis 
of doppler and video data. Do you think there will 
come a day when scouts are no longer needed by 
major league teams? 

4. Most teams have at least a dozen data scientists and 
other analysts in their programs. Analysts earn high 
salaries and benefits. Office space, equipment, hard- 
ware and software are costly as well. What would you 
roughly think the data analysis program would cost a 
major league team each year? 


Sources: “How the Houston Astros are winning through advanced 
analytics”, bttps:/jvww.mckinsey.com/business-functions/organization/ 
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g= Networks: An Interconnected 


se 


Principles Learning Objectives 


A network has many e Describe three network topologies and four network types in common 
fundamental components, use today. 

which—when carefully 
selected and effectively 
integrated—enable people 
to meet personal and e Identify three advantages associated with software-defined networking. 
organizational objectives. 


e State three advantages that 5G wireless communications will provide 
over 4G communications. 


Together, the Internet and the Describe how the Internet works, including the roles of the Internet 
World Wide Web provide a backbone, TCP/IP protocol, IP address, switches, and routers. 
highly effective infrastructure 
for delivering and accessing 
information and services. 


e Describe how the Web works, including the roles of the client/server 
architecture, Domain Name System, URL, hyperlinks, Web browser, 
HTML, XML, and CSS. 


State the purpose of client-side and server-side programming. 


e Identify three commonly used client-side programming languages and 
three commonly used server-side programming languages. 


e Outline the process and tools used in developing Web content and 
applications. 


e Describe five common Internet and Web applications. 


Macrovector/Shutterstock.com 


e Explain how intranets and extranets use Internet technologies. 
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IS in Action 


Communications in Time of Natural Disaster 


æ GLOBAL 


Disasters can occur anywhere and anytime. Several serious natural disasters struck around 
the world in 2017 and 2018. Powerful hurricanes struck North and South Carolina, Hous- 
ton, south Florida, Hawaii, Puerto Rico, and the Florida Panhandle. Strong typhoons hit 
Japan, Australia, Hong Kong, and the Philippines. The fierce winds, driving rain, and storm 
surge snapped power poles and trees like toothpicks, washed entire neighborhoods into 
the sea, caused widespread flooding, and resulted in loss of life and hundreds of billions of 
dollars of damage. China, Indonesia, Iran, Italy, Honduras, Papua New Guiana, Venezuela, 
Mexico, and Peru were rocked by powerful magnitude 7.0 or greater earthquakes. In some 
cases, these earthquakes triggered a tsunami whose high, strong waves can travel over 
500 mph in the deep ocean waters. When the tsunami hits shore, it washes away every- 
thing in its path for miles with death tolls often measured in the thousands. 

No matter where the disaster is taking place, rescue and relief operations are needed 
to find and rescue victims, as well as care for survivors. The first step in coordinating and 
managing a successful rescue and relief operation is to establish a central base, where 
all information is gathered and distributed to the first responder teams, including police 
officers, firefighters, and emergency medical technicians. This central base, or command. 
and control center, is key to ensuring first responders at the disaster sites receive the 
most up-to-date information and that their efforts are directed to where it is most urgently 
needed. As you can imagine, reliable communication is key for these operations to be 
successful. 

Unfortunately, natural disasters destroy phone lines and cell towers, rendering use- 
less all landline, wireless, and Wi-Fi communication networks. As a result, first respond- 
ers increasingly rely on special battery-driven satellite communication telephones which 
require no local ground-based infrastructure whatsoever. For example, the U.S. company 
Iridium operates the Iridium satellite constellation, which is a network of 66 Low-Earth 
Orbit (LEO) satellites used for worldwide voice and data communication from hand-held 
satellite phones and other transceiver units. These satellites serve as a cell tower in the 
sky and allow first responders to use satellite phones to transfer voice and live video 
streams from affected areas back to the center. Surveillance aircraft or drones circling the 
disaster zone with onboard cameras can also capture and transmit video and images. All 
this data provides the command post with a more complete picture of what is happening 
and enables workers there to make decisions based on this information. A complete situ- 
ation awareness capability such as this, enabled by a wide-area satellite communications 
network, is vital to the success of any rescue operation. 


As you read this chapter, consider the following: 


e How are organizations using networks to support their business strategies and 
achieve organizational objectives? 

e What capabilities do search engines, social networks, and other Internet services 
provide to make organizations successful? 
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Why Learn about Networks? 


Today’s decision makers need to access data wherever it resides. They must be able to establish fast, 
reliable connections to exchange messages, upload and download data and software, route business 
transactions to processors, connect to databases and network services, and send output to wherever it 

is needed. Regardless of your chosen major or future career field, you will make use of the communica- 
tions capabilities provided by networks, including the Internet, intranets, and extranets. This is especially 
true for those whose role is connected to the supply chain and who rely heavily on networks to support 
cooperation and communication among workers in inbound logistics, warehouse and storage, produc- 
tion, finished product storage, outbound logistics, and, most importantly, with customers, suppliers, and 
shippers. Many supply chain organizations make use of the Internet to purchase raw materials, parts, and 
supplies at competitive prices. All members of the supply chain must work together effectively to increase 
the value perceived by the customer, so partners must communicate well. Other employees in human 
resources, finance, research and development, marketing, manufacturing, and sales positions must also 
use communications technology to communicate with people inside and outside the organization. To be a 
successful member of any organization, you must be able to take advantage of the capabilities that these 
technologies offer you. This chapter begins by discussing the importance of effective communications. 


In today’s high-speed global business world, organizations need always-on, always- 
connected computing for traveling employees and for network connections to their key 
business partners and customers. Forward-thinking organizations strive to increase reve- 
nue, reduce time to market, and enable collaboration with their suppliers, customers, and 
business partners by using networks. Here are just a few examples of organizations using 
networks to move ahead: 


e Many banks and retail organizations have launched their own mobile payment 
system, with the hopes of reducing payments to financial services organiza- 
tions while also increasing customer loyalty. Some of these new systems include 
Android Pay, Apple Pay, Chase Pay, PayPal, Samsung Pay, Urban Airship, and 
Walmart Pay. 

e Networks make it possible for you to access a wealth of educational material and 
earn certifications or an online degree. A wide range of courses are available online 
from such leading educational institutions as Cornell, Carnegie Mellon, Harvard, 
MIT, and Yale. Many educational organizations such as Coursera, ed2Go, and Kahn 
Academy offer continuing education, certification programs, and professional devel- 
opment courses. It is possible to earn a degree taking courses online from fully 
accredited educational institutions including: Arizona State University, Colorado 
State University, Embry-Riddle Aeronautical University, Ohio State University, Ore- 
gon State University, Pennsylvania State University, Temple University, University 
of Oklahoma, Utah State University, and many others. 

e Shrewd operators of major sports venues have discovered that relaying exciting 
action to friends in real-time on social media has become an important part of the 
overall fan experience. Such capabilities are proving to be increasingly essential to 
attracting fans to games. As a result, many venues are installing high-performance 
cellular and wireless networks to meet this need. They are also providing apps that 
enable fans to scan their tickets, order food and beverages, download a 360-degree 
stadium video or even receive real-time updates about lengths of bathroom lines. 
There is a major potential payoff as it has been estimated that fans would spend 
an extra $20 if wait times at concession stands were halved.' 

e Telemedicine is a means of providing clinical healthcare to a patient from a distance 
using telecommunications and information technology. During a telemedicine ses- 
sion, patient information is automatically captured using such telemedicine services 
as sensors and mobile apps. Sensors can track the electrical activity of the patient’s 
heart (ECG) and send the results to doctors. This provides an invaluable tool for 
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health care professionals to monitor cardiovascular activity. Patient data collection 
can help identify risk factors for certain illnesses and assist physicians in recom- 
mending appropriate treatments. Because telemedicine is one of the fastest growing 
segments in the health care industry, many organizations are investing in it.? 


Advances in network technology allow us to communicate in real time with customers, 
clients, business partners, and coworkers almost anywhere in the world. Networks also 
reduce the amount of time required to transmit information necessary for driving and 
concluding business transactions. 


Network Fundamentals 


computer network: The 
communications media, devices, and 
software connecting two or more 
computer systems or devices. 


communications medium: Any 
material substance that carries 

an electronic signal to support 
communications between a sending 
and a receiving device. 


network topology: The shape or 
structure of a network, including the 
arrangement of the communication 
links and hardware devices on the 
network. 


star network: A network in which 
all network devices connect to one 
another through a single central device 
called the hub node. 


FIGURE 7.1 


Star network 

In a star network, all network 
devices connect to one another 
through a single central hub node. 


A computer network consists of communications media, devices, and software 
connecting two or more computer systems or devices. Communications media 
are any material substance that carries an electronic signal to support commu- 
nications between a sending and a receiving device. The computers and devices 
on the networks are also sometimes called network nodes. Organizations can 
use networks to share hardware, programs, and databases and to transmit 
and receive information, allowing for improved organizational effectiveness 
and efficiency. Networks enable geographically separated workgroups to share 
documents and opinions, which fosters teamwork, innovative ideas, and new 
business strategies. Effective use of networks can help a company grow into 
an agile, powerful, and creative organization, giving it a long-term competitive 
advantage. 


Network Topology 


Network topology is the shape or structure of a network, including the 
arrangement of the communication links and hardware devices on the network. 
The transmission rates, distances between devices, signal types, and physical 
interconnection may differ between networks, but they may all have the same 
topology. The three most common network topologies in use today are the 
star, bus, and mesh. 

In a star network, all network devices connect to one another through a 
single central device called the hub node. See Figure 7.1. Many home networks 
employ the star topology. A failure in any link of the star network will isolate 
only the device connected to that link. However, should the hub fail, all devices 
on the entire network will be unable to communicate. 


Vlad Kochelaevskiy/Shutterstock.com 
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bus network: A network in which 
all network devices are connected to 
a common backbone that serves as a 
shared communications medium. 


Bus network 

In a bus network, all network 
devices are connected to a 
common backbone that serves as a 
shared communications medium. 


mesh network: A network that 
uses multiple access points to link a 
series of devices that speak to each 
other to form a network connection 
across a large area. 


Mesh network 

Mesh networks use multiple access 
points to link a series of devices 
that speak to each other to forma 
network connection across a large 
area. 


In a bus network, all network devices are connected to a common backbone 
that serves as a shared communications medium. See Figure 7.2. To communicate 
with any other device on the network, a device sends a broadcast message onto 
the communications medium. All devices on the network can “see” the message, 
but only the intended recipient actually accepts and processes the message. 


mamanamsai/Shutterstock.com 


Mesh networks use multiple access points to link a series of devices that 
speak to each other to form a network connection across a large area. See 
Figure 7.3. Communications are routed among network nodes by allowing for 
continuous connections and by bypassing blocked paths by “hopping” from 
node to node until a connection can be established. Mesh networks are very 
robust: if one node fails, all the other nodes can still communicate with each 
other, directly or through one or more intermediate nodes. 


The QLine streetcar spans 20 stations at 12 locations in downtown Detroit. 
It plays a crucial role in connecting the city and will likely undergo further 
improvements and expansion. Riders on the QLine can access free Wi-Fi ser- 
vices through a mesh network with network nodes placed about 500 yards 
apart along the right of way.’ 
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personal area network 
(PAN): A network that supports 
the interconnection of information 
technology devices close to one 
person. 


local area network (LAN): 

A network that connects computer 
systems and devices within a small 
area, such as an office, home, or 
several floors in a building. 


Typical LAN 

All network users within an office 
building can connect to each other's 
devices for rapid communication. 
For instance, a user in research 

and development could send a 
document from her computer to be 
printed at a printer located in the 
desktop publishing center. Most 
computer labs employ a LAN to 
enable the users to share the use 

of high-speed and/or color printers 
and plotters as well as to download 
software applications and save files. 
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Network Types 


A network can be classified as personal area, local area, metropolitan, or wide 
area network depending on the physical distance between the nodes on the 
network and the communications and services it provides. 


Personal Area Networks 


A personal area network (PAN) is a wireless network that connects infor- 
mation technology devices close to one person. With a PAN, you can connect 
a laptop, digital camera, and portable printer without cables. You can down- 
load digital image data from the camera to the laptop and then print it on a 
high-quality printer—all wirelessly. A PAN could also be used to enable data 
captured by sensors placed on your body to be transmitted to your smartphone 
as input to applications that can serve as calorie trackers, heart monitors, glu- 
cose monitors, and pedometers. 


Local Area Networks 


A network that connects computer systems and devices within a small area, such 
as an office, home, or several floors in a building is a local area network (LAN). 
Typically, LANs are wired into office buildings and factories, as shown in 
Figure 7.4. Although LANs often use unshielded twisted-pair copper wire, other 
media—including fiber-optic cable—is also popular. Increasingly, LANs use 
some form of wireless communications. You can build LANs to connect per- 
sonal computers, laptop computers, or powerful mainframe computers. 


—  — Copy center, printing, 
and desktop publishing 
computers and devices 


A basic type of LAN is a simple peer-to-peer network that a small business 
might use to share files and hardware devices, such as printers. In a peer-to- 
peer network, you set up each computer as an independent computer, but you 
let other computers access specific files on its hard drive or share its printer. 
These types of networks have no server. Instead, each computer is connected to 
the next machine. Examples of peer-to-peer networks include ANts, BitTorrent, 
StealthNet, Tixati, and Windows 10 Homegroup. Performance of the computers 
on a peer-to-peer network is usually slower because one computer is actually 
sharing the resources of another computer. 

Increasingly, home and small business networks are being set up to con- 
nect computers, printers, scanners, and other devices. A person working on 
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metropolitan area network 
(MAN): A network that connects 
users and their computers in a 
geographical area that spans a 
campus or city. 


wide area network (WAN): 
A network that connects large 
geographic regions. 


channel bandwidth: The capacity 
of a communications channel to carry 
traffic, usually measured in megabits 
bits per second (Gbps). 


network latency: A measurement 
of how long it takes for a unit of data to 
get to its destination and back again. 


one computer on a home network, for example, can use data and programs 
stored on another computer’s hard disk. In addition, several computers on the 
network can share a single printer. 


Metropolitan Area Networks 


A metropolitan area network (MAN) is a network that connects users and 
their computers in a geographical area that spans a campus or city. A MAN 
might redefine the many networks within a city into a single larger network 
or connect several LANs into a single campus MAN. Often, the MAN is owned 
either by a consortium of users or by a single network provider who sells the 
service to users. Examples of a MAN include a MAN to interconnect police 
stations or a related group of community colleges spread over a city or county. 


Wide Area Networks 


A wide area network (WAN) is a network that connects large geographic 
regions. A WAN might be privately owned or rented and includes public 
(shared-users) networks. When you make a long-distance phone call or access 
the Internet, you are using a WAN. WANs usually consist of computer equip- 
ment owned by the user, together with data communications equipment and 
network links provided by various carriers and service providers. Bank of 
America, JP Morgan Chase, and Wells Fargo all rely on a wide area network to 
connect their thousands of branches across the United States. 

WANs often provide communications across national borders, which 
involves national and international laws regulating the electronic flow of 
data across international boundaries, often called transborder dataflow. Some 
countries have strict laws limiting the use of networks and databases, making 
normal business transactions such as payroll processing costly, slow, or even 
impossible. 


Channel Bandwidth 


Network professionals consider the capacity of the communications path or 
channel when they recommend transmission media for a network. Channel 
bandwidth refers to the capacity of a communications channel to carry traffic, 
usually measured in megabits bits per second (one million bits per second, 
abbreviated Gbps). The higher the bandwidth the more traffic that can be 
carried (e.g. more simultaneous conversations). Most organizations need high 
bandwidth to accommodate the transaction volume and transmission speed 
required to carry out their daily functions. A higher bandwidth means that 
more traffic can be carried (e.g. more simultaneous conversations). It does not 
imply how fast that communication will take place (although if you attempt 
to put more traffic over a network than the available bandwidth, you'll get 
packets of data being discarded and re-transmitted later, which will degrade 
your performance). 


Network Latency 


Network latency measures how long it takes for a unit of data to get to its 
destination and back again. It is typically measured in milliseconds (ms) or 
thousandths of a second. Network connections in which small delays occur are 
called low-latency networks (e.g. 4G cellular network with latency of 60 ms) 
whereas network connections that experience long delays are called high- 
latency networks (e.g. satellite network with latency of 800 ms). High latency 
creates bottlenecks in any network communication. Network latency is affected 
by the distance between the sender and receiver, the transmission medium 
used, the number and speed of intermediate switches and/or routers through 
which the communications must pass, and other factors. 
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Communications Media 


The communications media selected for a network depends on the amount of 
information to be exchanged, the speed at which data must be exchanged, the 
level of concern about data privacy, whether the users are stationary or mobile, 
and a variety of business requirements. Transmission media can be divided 
into two broad categories guided (also called wired) transmission media, in 
which communications signals are guided along a solid medium, and wireless, 
in which the communications signal is broadcast over airwaves as a form of 
electromagnetic radiation. 


Guided Transmission Media Types 


There are many different guided transmission media types. Table 7.1 summa- 
rizes the guided media types by physical media form. The three most common 
guided transmission media types are shown in Figure 7.5. 


TABLE 7-1 Guided transmission media types 


Media Form Description Advantages Disadvantages 
Twisted-pair wire Twisted pairs of copper wire, Widely available Limitations on transmission 
shielded or unshielded; used speed and distance 
for telephone service 
Coaxial cable Inner conductor wire Cleaner and faster data More expensive than twisted- 
surrounded by insulation transmission than twisted-pair pair wire 
wire 
Fiber-optic cable Many extremely thin strands Diameter of cable is much Expensive to purchase and 
of glass bound together in a smaller than coaxial cable; less install 
sheathing; uses light beams to distortion of signal; capable of 
transmit signals high transmission rates 


hens < 


ng 


Types of guided transmission 
media 

Common guided transmission 
media include twisted-pair wire, Twisted-pair Goavial 
coaxial cable, and fiber-optic cable. wire cable 


Galushko Sergey/Shutterstock.com 


Flegere/Shutterstock.com 
Krasowit/Shutterstock.com 


Fiber-optic 
cable 


10-Gigabit Ethernet is a standard for transmitting data at the speed of 
10 billion bps for limited distances over high-quality twisted-pair wire. The 
10-Gigabit Ethernet cable can be used for the high-speed links that connect 
groups of computers or to move data stored in large databases on large com- 
puters to stand-alone storage devices. 


Wireless Transmission 

Wireless communications coupled with the Internet are revolutionizing how 
and where we gather and share information, collaborate in teams, listen to 
music or watch video, and stay in touch with our families and coworkers while 
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on the road. With wireless capability, a coffee shop can become our living room 
and the bleachers at a ballpark can become our office. The many advantages 
and freedoms provided by wireless communications are causing many organi- 
zations to consider moving to an all-wireless environment. 
wireless communication: The Wireless communication is the transfer of information between two or 
transfer of information between two or more points that are not connected by an electrical conductor. All wireless 
more Pointe that are AGL-Connpeied by communications signals are sent within a range of frequencies of the electro- 
an electrical conductor. ; i . : 
magnetic spectrum that represents the entire range of light that exists from 
long waves to gamma rays as shown in Figure 7.6. 
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FIGURE 7.6 
The electromagnetic 
spectrum 
The range of all possible 
frequencies of electromagnetic 
radiation. 
Source: httos//upload.wikimedia.org/ Lohg-Waves 
wikipedia/commons/2/25/Electromagnetic- 
Spectrum.svg. 
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The propagation of light is like waves crossing an ocean. Like any other 
wave, light has two fundamental properties that describe it. One is its fre- 
quency, measured in hertz (Hz), which counts the number of waves that pass 
by a stationary point in one second. The second fundamental property is 
wavelength, which is the distance from the peak of one wave to the peak of 
the next. These two attributes are inversely related so the higher the frequency, 
the shorter the wavelength. 

All wireless communication devices operate in a similar way. A transmitter 
generates a signal, which contains encoded voice, video, or data at a specific 
frequency, that is broadcast into the environment by an antenna. This signal 
spreads out in the environment, with only a very small portion being captured 
by the antenna of the receiving device, which then decodes the information. 
Depending on the distance involved, the frequency of the transmitted signal, 
and other conditions, the received signal can be incredibly weak, perhaps one 
trillionth of the original signal strength. 

The signals used in wireless networks are broadcast in one of three fre- 
quency ranges: microwave, radio, and infrared, as shown in Table 7.2. 


TABLE 7.2 Frequency ranges used for wireless communications 


Technology Description Advantages Disadvantages 
Radio frequency range Operates in the 3 kHz-300 Supports mobile users; Signal is highly susceptible 
MHz range costs are dropping to interception 
Microwave—terrestrial and High-frequency radio Avoids cost and effort to Must have unobstructed 
satellite frequency range signal (300 MHz-300 lay cable or wires; capable line of sight between 
GHz) sent through of high-speed transmission sender and receiver; signal 
the atmosphere and is highly susceptible to 
space (often involves interception 


communications satellites) 


Infrared frequency range Signals in the 300 GHz- Let’s you move, remove, Must have unobstructed 
400 THz frequency range and install devices without line of sight between 
expensive wiring sender and receiver; 


transmission is effective 
only for short distances 


Because there are so many competing uses for wireless communication, 
strict rules are necessary to prevent one type of transmission from interfering 
with the next. And because the spectrum is limited—there are only so many 
frequency bands—governments must oversee appropriate licensing of this valu- 
able resource to facilitate use in all bands. In the United States, the Federal 
Communications Commission (FCC) decides which frequencies of the commu- 
nications spectrum can be used for which purposes. For example, the portion 
of the electromagnetic spectrum between 700 MHz and 2.6 GHz has been 
allocated for use by mobile phones. Most of the spectrum in this range has 
already been allocated for use. This means that when a wireless company wants 
to add more spectrum to its service to boost its capacity, it may have problems 
obtaining the necessary licenses because other companies are already using 
the available frequencies. 


Some of the more widely used wireless communications options are dis- 
near field communication 


(NFC): A very short-range wireless asione 
connectivity technology that enables Near field communication (NFC) is a very short-range wireless connec- 


two devices placed within a few inches tivity technology that enables two devices placed within a few inches of each 
of each other to exchange data. other to exchange data. With NFC, consumers can swipe their credit cards—or 
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even their smartphones—within a few inches of NFC point-of-sale terminals 
to pay for purchases. Apple Pay, the mobile payment and digital wallet service 
that lets users make payments using an iPhone, an iPad, or an Apple Watch- 
compatible device, uses NFC to communicate between the user’s device and 
the point-of-sale terminal. 
Many retailers—including Target, Macys, and Walgreens—already have 
NFC-based contactless pay terminals in place. Shoppers in these stores can 
also use their smartphones and NFC to gain access to loyalty programs to earn 
points, view marketing information, and share content and interact with brands 
via social media. 
Bluetooth: A wireless Bluetooth is a wireless communications specification that describes how 
communications specification that cell phones, computers, printers, and other electronic devices can be intercon- 
describes how cell phones, computers, nected over distances of 10 to 30 feet at a transmission rate of about 2 Mbps. 
taxes; printers; and other eectonie Using Bluetooth technology, users of multifunctional devices can synchronize 
devices can be interconnected over ? 
distances of 10 to 30 feet at a rate of data on their device with information stored in a desktop computer, send or 
about 2 Mbps. receive faxes, and print. The Bluetooth G-Shock watch enables you to make a 
connection between your watch and your smartphone. With a G-shock watch, 
you can control your phone’s music player from the watch and the watch’s 
timekeeping functions from your phone. 
Wi-Fi: A medium-range wireless Wi-Fi is a wireless network brand owned by the Wi-Fi Alliance, which 
communications technology brand consists of about 300 technology companies, including AT&T, Dell, Microsoft, 
One Dy GMa anaes Nokia, and Qualcomm. The alliance exists to improve the interoperabil- 
ity of wireless local area network products based on the IEEE 802.11 series 
of communications standards. IEEE stands for the Institute of Electrical 
and Electronics Engineers, a nonprofit organization and one of the leading 
standards-setting organizations. Table 7.3 summarizes several variations of the 
IEEE 802.11 standard. 


TABLE 7-3 IEEE 802.11 wireless local area networking standards 


Wireless Maximum Data 

Networking Rate per Data 

Protocol Stream Comments 

IEEE 802.11a 54 Mbps Transmits at 5 GHz, which means it is incompatible with 802.11b and 802.11g 
IEEE 802.11b 11 Mbps First widely accepted wireless network standard and transmits at 2.4 GHz; 


equipment using this protocol may occasionally suffer from interference from 
microwave ovens, cordless telephones, and Bluetooth devices 


IEEE 802.11g 54 Mbps Equipment using this protocol transmits at 2.4 GHz and may occasionally 
suffer from interference from microwave ovens, cordless telephones, and 
Bluetooth devices 


IEEE 802.11n 300 Mbps Employs multiple input, multiple output (MIMO) technology, which allows 
multiple data streams to be transmitted over the same channel using the same 
bandwidth that is used for only a single data stream in 802.11a/b/g 


IEEE 802.11ac 400 Mbps-1.3 An 802.11 standard that provides higher data transmission speeds and more 
Gbps stable connections; it can transmit at either 2.4 GHz or 5 GHz 


In a Wi-Fi wireless network, the user’s computer, smartphone, or other 
mobile device has a wireless adapter that translates data into a radio signal 
and transmits it using an antenna. A wireless access point, which consists of 
a transmitter with an antenna, receives the signal and decodes it. The access 
point then sends the information to the Internet over a wired connection. 
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Wi-Fi network 

In a Wi-Fi network, the user’s 
computer, smartphone, or cell 
phone has a wireless adapter that 
translates data into a radio signal 
and transmits it using an antenna. 
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See Figure 7.7. When receiving data, the wireless access point takes the infor- 
mation from the Internet, translates it into a radio signal, and sends it to the 
device’s wireless adapter. These devices typically come with built-in wireless 
transmitters and software to enable them to alert the user to the existence of a 
Wi-Fi network. The area covered by one or more interconnected wireless access 
points is called a “hot spot.” Wi-Fi has proven so popular that hot spots are 
popping up in places such as airports, coffee shops, college campuses, librar- 
ies, and restaurants. The availability of free Wi-Fi within a hotel’s premises has 
become very popular with business travelers. Meanwhile, hundreds of cities 
in the United States have implemented municipal Wi-Fi networks for use by 
meter readers and other municipal workers and to provide Internet access to 
their citizens and visitors. 


Wireless network 


Data transmitted and 
received through airwaves 


om k 


Wireless access point Cable modem/router Internet 


Microwave Transmission 

Microwave is a high-frequency (300 MHz to 300 GHz) signal sent through 
the air. Terrestrial (Earth-bound) microwaves are transmitted by line-of-sight 
devices, so the line of sight between the transmitter and receiver must be 
unobstructed. Typically, microwave stations are placed in a series—one station 
receives a signal, amplifies it, and retransmits it to the next microwave trans- 
mission tower. Such stations can be located roughly 30 miles apart before the 
curvature of the Earth makes it impossible for the towers to “see” one another. 
Because they are line-of-sight transmission devices, microwave dishes are fre- 
quently placed in relatively high locations, such as mountains, towers, or tall 
buildings. 

A communications satellite also operates in the microwave frequency 
range. See Figure 7.8. The satellite receives the signal from the Earth station, 
amplifies the relatively weak signal, and then rebroadcasts it at a different fre- 
quency. The advantage of satellite communications is that satellites can receive 
and broadcast over large geographic regions. Problems such as the curvature 
of the Earth, mountains, and other structures that block the line-of-sight micro- 
wave transmission make satellites an attractive alternative. Geostationary, low 
earth orbit, and small mobile satellite stations are the most common forms of 
satellite communications. 
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Satellite transmission 
Communications satellites are relay 
stations that receive signals from 
one Earth station and rebroadcast 
them to another. 


Long Term Evolution (LTE): 
A standard for wireless 
communications for mobile phones 
based on packet switching. 


AN 
Á Communications 
satellite 


Microwave 
station 


Microwave 
station 


Approximately 
22,300 
miles 


A geostationary satellite orbits the Earth directly over the equator, approx- 
imately 22,300 miles above the Earth, so that it appears stationary. The U.S. 
National Weather Service relies on the Geostationary Operational Environ- 
mental Satellite program for weather imagery and quantitative data to support 
weather forecasting, severe storm tracking, and meteorological research. 

Google’s Project Loon plans to launch a series of hot air balloons into the 
upper atmosphere about 12 miles above the Earth’s surface. From there, they’ll 
beam down a signal to network stations on the Earth's surface. The primary 
goal is to provide world-wide Internet access to everyone, everywhere. But the 
project will also enable cell phone service and Internet access to relief workers 
and inhabitants in disaster areas until local sources are available again. This 
approach is like launching geostationary satellites, but much cheaper.* 


4G Wireless Communications 


Wireless communications have evolved through four generations of technology 
and services and is now entering a fifth generation. The first generation (1G) 
of wireless communications standards originated in the 1980s and was based 
on analog communications. The second-generation (2G) networks were fully 
digital, superseding 1G networks in the early 1990s. With 2G networks, phone 
conversations were encrypted, mobile phone usage was expanded, and short 
message services (SMS)—or texting—was introduced. 3G wireless communi- 
cations supports wireless voice and broadband speed data communications in 
a mobile environment at speeds of 2 to 4 Mbps. Additional capabilities include 
mobile video, mobile e-commerce, location-based services, mobile gaming, and 
the downloading and playing of music. 

4G broadband mobile wireless delivers more advanced versions of 
enhanced multimedia, smooth streaming video, universal access, and portabil- 
ity across all types of devices; eventually 4G will also make possible worldwide 
roaming. 4G can deliver 3 to 20 times the speed of 3G networks for mobile 
devices such as smartphones, tablets, and laptops. 

Each of the four major U.S. wireless network operators (AT&T, Verizon, 
Sprint, and T-Mobile) is rapidly expanded its 4G networks based on the Long 
Term Evolution (LTE) standard. Long Term Evolution (LTE) is a standard for 
wireless communications for mobile phones based on packet switching, which 
is an entirely different approach from the circuit-switching approach employed 
in 3G communications networks. To convert to the LTE standard, carriers had 
to reengineer their voice call networks. 

The biggest benefit of LTE is how quickly a mobile device can connect to 
the Internet and how much data it can download or upload in a given amount 
of time. LTE makes it reasonable to stream video to your phone, using services 
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such as Amazon Prime Instant Video, Hulu Plus, Netflix, or YouTube. It also 
speeds up Web browsing, with most pages loading in seconds. LTE enables 
video calling using services such as Skype or Google Hangouts. LTE’s faster 
speed also makes sharing photos and videos from your phone quick and easy. 


5G Wireless Communications 


A new mobile communications generation has come on the scene about every 
10 years since the first 1G system. 5G is a term used to identify the next major 
phase of mobile communications standards beyond 4G. AT&T and Verizon have 
plans to launch 5G networks in multiple cities by late 2018. T-Mobile plans to build 
a nationwide 5G network starting in 2019 with full national coverage by 2020. 
5G networks will have three advantages over the current 4G networks. First, they 
will have the bandwidth to transmit more data (on the order of 20 Gbps). At this 
bandwidth, a two-hour movie can be streamed in less than 3 seconds. Second, 
they will have lower latency—less than 1 ms compared to 10 ms. This means that 
data will zip through the network much faster. Third, 5G networks will have the 
ability to support many more devices (thousands) at one time. 

5G networks will enable several exciting new applications. The current 
generation of autonomous cars are self-contained and make driving decisions 
based on their knowledge of current traffic and road conditions. Next gen- 
eration autonomous cars well interact with other vehicles and “smart roads” 
exchanging information directly with other cars and/or smart devices strategi- 
cally positioned along the highways. They will use this data to further improve 
driver safety and overall traffic flow. The sub-millisecond latency of 5G net- 
works will be required to support these brief bursts of data. 

Augmented reality (AR) adds a virtual layer over the real world opening 
the door to a wide range of potential applications. AR can be used to see how 
it might look if you lost twenty pounds, tried on new clothes, or redecorated 
your home; help you find friends in a crowd, or get a description of the shops 
along a street or in a mall without even entering them. The bandwidth, latency, 
and lack of uniformity (the consistency of mobile connection) of 4G networks 
greatly limits what can be done with AR and VR. However, 5G networks with 
a latency of less than 1 ms will greatly improve the AR/VR experience. AR/VR 
enthusiasts will be able to pair a 5G smartphone with a AR/VR headset com- 
plete with a controller that tracks the position and location of your hands to 
stream VR content and play online VR games wherever they are. 


FIGURE 7.9 


New 5g smartphones paired 
with 5G networks will be able 
to offer VR experience 


Source: JFCfotografic/Shutterstock.com 


5G networks will have some initial drawbacks that must be overcome. More 
cell towers will be required because 5G cells are not able to broadcast as great a 
distance as a 3G or 4G cell. Because more cells will need to be installed, 5G users 
can expect that their coverage may not be as widespread at first. At least initially, 
5G devices must be designed to work on both the slower 4G networks and 5G net- 
works. 5G equipment is costly, so deployment and maintenance will be expensive. 
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network operating system 
(NOS): Systems software that 
controls the computer systems and 
devices on a network and allows them 
to communicate with each other. 


network-management 
software: Software that enables 

a manager on a networked desktop 
to monitor the use of individual 
computers and shared hardware 
(such as printers), scan for viruses, 
and ensure compliance with software 
licenses. 


mobile device management 
(MDM) software: Software 

that manages and troubleshoots 
mobile devices remotely, pushing 

out applications, data, patches, and 
settings while enforcing group policies 
for security. 


Communications Software 


A network operating system (NOS) is systems software that controls the com- 
puter systems and devices on a network and allows them to communicate with 
each other. The NOS performs similar functions for the network as operating 
system software does for a computer, such as memory and task management, 
and coordination of hardware. When network equipment (such as printers, 
plotters, and disk drives) is required, the NOS makes sure that these resources 
are used correctly. Linux (used on workstations), OS X (used on Apple MACs), 
UNIX (used on servers), and Windows Server (used on workstations and serv- 
ers) are common network operating systems. 

Because companies use networks to communicate with customers, busi- 
ness partners, and employees, network outages or slow performance can mean 
a loss of business. Network management includes a wide range of technologies 
and processes that monitor the network and help identify and address prob- 
lems before they can create a serious impact. 

Software tools and utilities are available for managing networks. With 
network-management software, a manager on a networked personal com- 
puter can monitor the use of individual computers and shared hardware (such 
as printers), scan for viruses, and ensure compliance with software licenses. 
Network-management software also simplifies the process of updating files and 
programs on computers on the network—a manager can make changes through 
a communications server instead of having to visit each individual computer. In 
addition, network-management software protects software from being copied, 
modified, or downloaded illegally. It can also locate communications errors and 
potential network problems. Some of the many benefits of network-management 
software include fewer hours spent on routine tasks (such as installing new soft- 
ware), faster response to problems, and greater overall network control. 

Banks use a special form of network-management software to monitor the 
performance of their automated teller machines (ATMs). Status messages can be 
sent over the network to a central monitoring location to inform support people 
about situations such as low cash or receipt paper levels, card reader problems, 
and printer paper jams. Once a status message is received, a service provider 
or branch location employee can be dispatched to fix the ATM problem. 

Today, most IS organizations use network-management software to ensure 
that their network remains up and running and that every network compo- 
nent and application is performing acceptably. The software enables IS staff 
to identify and resolve fault and performance issues before they affect end 
users. The latest network-management technology even incorporates automatic 
fixes: The network-management system identifies a problem, notifies the IS 
manager, and automatically corrects the problem before anyone outside the 
IS department notices it. 

The Covell Group is a small IT consulting group in San Diego that provides 
server and Web site monitoring for small- and medium-sized companies. The 
firm uses network-monitoring software to watch sensors and remote probes 
that track CPU, disk space, and Windows services. Constant monitoring enables 
the firm to detect if a communications line is down or if there is a power failure 
overnight so that everything is up and ready by the start of the next work day.’ 

Mobile device management (MDM) software manages and troubleshoots 
mobile devices remotely, pushing out applications, data, patches, and settings. 
With the software, a central control group can maintain group policies for security, 
control system settings, ensure malware protection is in place for mobile devices 
used across the network, and make it mandatory to use passwords to access the 
network. In addition to smartphones and tablets, laptops and desktops are some- 
times supported using MDM software as mobile device management becomes 
more about basic device management and less about a specific mobile platform. 

Jet Story is a Polish private jet airline that offers private jet rental services 
and professional aircraft purchasing consultancy services, as well as aircraft 
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software-defined networking 
(SDN): An emerging approach 

to networking that allows network 
administrators to have programmable 
central control of the network via a 
controller without requiring physical 
access to all the network devices. 


Critical 
Thinking 
Exercise 
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maintenance and management. The firm employs around 120 people including 
50 pilots and 20 flight attendants.° The firm needed to manage and control 
the iPads that its pilots use on board the aircraft in the cockpits. The specially 
outfitted iPads, called Electronic Flight Bags, provide pilots access to all neces- 
sary documentation and manuals. Jet Story employed mobile device monitoring 
software to ensure that every device was properly managed, for example, pro- 
tected with a passcode. The MDM software makes it easy to check the available 
memory on each device and list all installed applications. This fulfills European 
Aviation Safety Agent (EASA) regulations by ensuring that pilots always have 
fully functioning iPads with all the necessary documentation available.’ 


Software-Defined Networking (SDN) 


A typical network is comprised of hundreds or thousands of network devices that 
perform such tasks as routing and switching of data through the network, provid- 
ing network access and control, and enabling access to a variety of applications 
and services. In today’s current network environment, each network device must 
be configured individually, usually via manual keyboard input. For a network of 
any size, this becomes a labor-intensive and error-prone effort, making it difficult 
to change the network so it can meet the changing needs of the organization. 

Software-defined networking (SDN) is an emerging approach to net- 
working that allows network administrators to manage a network via a con- 
troller that does not require physical access to all the network devices. This 
approach automates tasks such as configuration and policy management and 
enables the network to dynamically respond to application requirements. As a 
result, new applications can be made available sooner, the risk of human error 
(a major contributor to network downtime) is reduced, and overall network 
support and operations costs are reduced. 

ProMedica is a 13-hospital nonprofit health care organization serving the 
residents of Indiana, Kentucky, Michigan, Ohio, Pennsylvania, and West Virginia. 
The organization made a major decision to implement the Epic Electronic Health 
Record (EHR) system and replace many legacy systems. Since Epic supports 
almost every health care activity, ProMedica needed to ensure its continuous avail- 
ability. To achieve this goal, both of ProMedica’s data centers, roughly 20 miles 
apart, were networked together and managed as one to create a fully redundant 
computing environment. This required a major overhaul of its data center network 
environment consisting of some 3,500 servers and numerous hubs, switches, and 
routers. The only practical solution was to convert to an SDN network architec- 
ture. Network and data center changes are faster, easier, and less risky with SDN. 
There is no longer a concern that when one thing is upgraded that something 
else may be negatively affected. No need to physically go to a network device 
to make a change thus greatly reducing change management and repair efforts.’ 


Local Hospital Upgrades Network 
© APPLICATION 


Smallville, Kansas is a small farming community of just under 50,000. The commu- 
nity is building an emergency care facility to treat patients with injuries or illnesses 
requiring immediate care, but not serious enough to require an emergency depart- 
ment visit. The facility will be staffed with enough physicians and nurses to handle 
a maximum of four patients per hour and 50 patients per day. It will also have a 
small administrative staff to handle patient record keeping and billing. A local IT 
consultant was hired to define how to meet the computing and networking needs 
of the facility. The consultants recommend that a small star local area network be 
used to connect all six laptop computers, two faxes, and two printers. The devices 
will connect to the central node of the network using fiber-optic cable. They further 
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The Internet and World 


recommend that network-management software be installed so that they can mon- 
itor the operation of the network from their offices located across town. Mobile 
device management software will be installed on all portable computing devices. 


Review Questions 


1. What advantages/disadvantages are there in installing a wired, star network to 
connect all the devices? Would you agree with the IT consultant’s recommen- 
dation in this regard? Why or why not? 

2. What specific benefits would be gained by installing network-management 
software? 


Critical Thinking Questions 

1. Are there any elements of the IT consultant’s recommendation that you do not 
support? If so, which ones and why? 

2. What specific suggestions do you have to improve upon the IT consultant’s 
recommendation? 


FIGURE 7.10 
Number of Internet users 
worldwide 
Source: “Internet Growth Statistics, “ httos:// 


www. internetworldstats.com/emarketing. 
htm, accessed September 27, 2018. 


The Internet has grown rapidly (see Figure 7.10) and is truly international in 
scope, with users on every continent—including Antarctica. As of November 2015, 
citizens of Asian countries make up about 49 percent, Europeans about 17 per- 
cent, Latin America/Caribbean about 10 percent, and North Americans about 
8 percent of all Internet users. China is the country with the most Internet users, 
with 772 million—which is more users than the next two countries combined 
(India 462 million and United States 312 million). Being connected to the Internet 
provides global economic opportunity to individuals, businesses, and countries. 


Internet Users—Millions 
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The ancestor of the Internet was the ARPANET, a project started by the U.S. 
Department of Defense (DoD) in 1969. The ARPANET was both an experiment 
in reliable networking and a means to link DoD and military research contrac- 
tors, including many universities doing military-funded research. (ARPA stands 
for the Advanced Research Projects Agency, the branch of the DoD in charge of 
awarding grant money. The agency is now known as DARPA—the added D is 
for Defense.) The ARPANET was highly successful, and every university in the 
country wanted to use it. This wildfire growth made it difficult to manage the 
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Internet backbone: One of the 
Internet’s high-speed, long-distance 
communications links. 


Transmission Control Protocol/ 
Internet Protocol (TCP/IP): A 
collection of communication protocols 
used to interconnect network devices 
on packet switching networks such as 
the Internet. 


IP address: A 32-bit number that 
identifies a computer on the Internet. 


switch: is a network device that 
keeps a record of the MAC (Media 
Access Control) address of all the 
devices connected to it and uses this 
information to determine to which port 
a frame of data should be directed. 


router: A network device that directs 
data packets to other networks until 
each packet reaches its destination. 
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ARPANET, particularly the rapidly growing number of university sites. So, the 
ARPANET was broken into two networks: MILNET, which included all military 
sites, and a new, smaller ARPANET, which included all the nonmilitary sites. The 
two networks remained connected, however, through use of the Internet protocol 
(IP) which enables traffic to be routed from one network to another as needed. All 
the networks connected to the Internet use IP, so they all can exchange messages. 


How the Internet Works 


In the early days of the Internet, the major communications companies around 
the world agreed to connect their networks so that users on all the networks 
could share information over the Internet. The communications media, routers, 
switches, communication towers, and satellites that make up these networks 
are the hardware over which Internet traffic flows. The combined hardware of 
the network service providers form the high-speed communications links that 
span the globe over land and under sea and make up the Internet backbone. 

The Internet works by breaking messages into packets of data that are routed 
through the network until they reach their desired destination as shown in 
Figure 7.11. The Transmission Control Protocol/Internet Protocol (TCP/IP) 
is a collection of communication protocols used to interconnect network 
devices on a packet switching network such as the Internet. TCP defines how 
applications can create channels of communication across a network. TCP also 
manages how a message is assembled into smaller packets before they are 
then transmitted over the Internet and reassembled in the proper sequence at 
the destination address. IP specifies how to address and route each packet to 
make sure it reaches the desired destination. A network following these stan- 
dards can link to the Internet’s backbone and become part of the worldwide 
Internet community. 


IP Address and MAC Address 


Because the Internet is a global network of computers, each computer con- 
nected to the Internet must have a unique address called its IP address. An 
IP address is a 32-bit number that uniquely identifies a computer on the 
Internet. The IP stands for Internet Protocol. The IP address gets linked to all 
online activity you do. The 32-bit number is typically divided into four bytes 
and translated to decimal; for example, 69.32.133.79. The Internet is migrating 
to Internet Protocol version 6 (IPv6), which uses 128-bit addresses to provide 
for many more devices. 

A network interface card (NIC) is a circuit board or card that is installed 
into a hardware device so that it can be connected to a network. During the 
manufacturing process, the manufacturer “burns” a specific MAC address into 
the read only memory (ROM) of each network card. 


Network Hardware 


The terms switch and router are often used interchangeably, but these devices 
each perform different functions as will now be discussed. 

The switch is a network device that keeps a record of the Media Access 
Control (MAC) address of all the devices connected to it. It uses this informa- 
tion to determine to which port a packet of data should be directed. When a 
switch receives a packet, it knows exactly which port to send it to, with no 
significant increase in network response times. Networks today use switches to 
connect computers, printers, phones, cameras, lights, and servers in a building 
or campus. 

The router is a network device that directs data packets to other net- 
works until each packet reaches its destination. One of the key features of a 
data packet is that it not only contains data, but also the destination address 
of where it’s going. The information needed to get data packets to their 
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destinations is stored in routing tables maintained by each router connected 
to the Internet. A router usually connects two different networks and routes 
data packets between them. Each router knows about its subnetworks and 
which IP addresses they use. The largest and most powerful network routers 
form the Internet backbone. 
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FIGURE 7.11 
How the Internet works 
Data is transmitted from one host computer to another on the Internet. 


Routing 


Routers in the network obtain the destination address from each data packet 
header and find it in their lookup table. The lookup table specifies the next 
router to which to send the packet to move it one step closer to its destination. 
However, the routers are programmed to “look ahead” and balance the data 
transmission load across the various network devices on a millisecond-by- 
millisecond basis. If there are too many packets of data following a given path, 
the router will choose an alternate path. The routers are even able to detect 
if there is a problem with one piece of equipment in the network and re-route 
the data packets around the problem. This will ensure the eventual delivery 
of the entire message. It is entirely possible that because of this dynamic 
routing, packets may arrive at the destination device out of order. So once 
the packets arrive at their destination, that device strips off the header and 
trailer information and reassembles the entire message based on the numbered 
sequence of the packets. 
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Accessing the Internet 


You can connect to the Internet in numerous ways. Which access method you 
choose is determined by where you are located and the equipment and services 
available to you. 


Connecting via Internet Service Providers 


Internet service provider (ISP): Users in organizations or at home access the Internet through an Internet 
Any organization that provides Internet service provider, an organization that provides Internet access to people. 
a people: Thousands of organizations serve as ISPs, ranging from universities that make 
the Internet available to students and faculty to small Internet businesses to 
major communications giants such as AT&T and Comcast. To connect to the 
Internet through an ISP, you must have an account with the service provider 
(for which you usually pay) along with software (such as a browser) and 
devices (such as a computer or smartphone) that support a connection via 
TCP/IP. 
Several high-speed Internet services are available for home and business. 
They include cable modem connections from cable television companies, DSL 
connections from phone companies, and satellite connections from satellite 
television companies. 


Wireless Connection 


In addition to connecting to the Internet through wired systems such as phone 
lines and fiber optic cables, wireless Internet service over cellular and Wi-Fi 
networks has become common. Thousands of public Wi-Fi services are avail- 
able in coffee shops, airports, hotels, and elsewhere, where Internet access is 
provided free, for an hourly rate, or for a monthly subscription fee. Wi-Fi has 
even made its way into aircraft, allowing business travelers to be productive 
during air travel by accessing email and corporate networks. 

Cell phone carriers also provide Internet access for smartphones, note- 
books, and tablets. The 4G mobile phone services rival wired high-speed 
connections used at home and work. The major wireless communications com- 
panies including AT&T, Sprint, T-Mobile, and Verizon have brought nearly total 
4G service to subscribers in populated areas of the U.S. 


How The World Wide Web Works 


The World Wide Web was developed by Tim Berners-Lee at CERN, the Euro- 
pean Organization for Nuclear Research in Geneva. He originally conceived of 
it as an internal document-management system. From this modest beginning, 
the Web has grown to become a primary source of news and information, an 
indispensable conduit for commerce, and a popular hub for social interaction, 
entertainment, and communication. 

While the terms Internet and Web are often used interchangeably, tech- 
nically, the two are different technologies. The Internet is the infrastructure 
on which the Web exists. The Internet is made up of computers, network 
hardware such as switches, routers, communications media, software, and the 
TCP/IP protocols. The World Wide Web (Web), on the other hand, consists of 
server and client software, the hypertext transfer protocol (http), standards, 
and markup languages that combine to deliver information and services over 
the Internet. 


Client/Server Architecture 


; ; ; Client/server architecture, is a networking approach wherein many clients (end- 
is a networking approach wherein many ti devices) tand A y f ners (host com 
clients (end-user computing devices) user computing devices) request and receive services from servers (host co 

request and receive services from puters) on the network. Servers receive client user requests, process them, and 
servers (host computers) on the network. obtain the requested data. This may require queries to a database and encoding 


client/server architecture: This 
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FIGURE 7.12 


Client/Server Architecture 


domain name system: A system 
that maps the name people use to 
locate a website to the IP address that 
a computer uses to locate a website. 


Uniform Resource Locator 
(URL): A Web address that specifies 
the exact location of a Web page using 
letters and words that map to an IP 
address and a location on the host. 


the data into the HTML format. This is the computing model that is employed to 
support the Web. Figure 7.12 illustrates this client/server architecture. 

The client computers provide an interface to allow the client computer 
user to request services of the server computers. The client computers also 
display the results (Web pages) that the servers return. JavaScript, VBA Script, 
HTML, CSS, and Ajax are among other widely used client-side programming 
languages. 

Server-side programming creates a program that runs on the server and 
deals with generation of the content of a Web page to satisfy the client’s request. 
The Web site uses server-side programming to dynamically display different 
data as needed. The data is pulled from a database stored on the server and 
sent to the client to be displayed by client-side code. Server-side programming 
enables Web site designers to customize Web site content for individual users. 
Online shopping Web sites such as Amazon use server-side programming to 
make customer recommendations based on customer preferences and previous 
purchases. Social media Web sites like Facebook use server-side programming 
to highlight, share, and control access to content deemed interesting to the 
user. PHP, C++, Java, Python, and Ruby on Rails are among the most widely 
used server-side programming languages. 
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Domain Name System (DNS) 


The domain name system maps the name people use to locate a Web site to 
the IP address that a computer uses to locate a Web site. For example, if you 
type TechTarget.com into a Web browser, a server behind the scenes will map 
that name to the IP address 206.19.49.149. 

A Uniform Resource Locator (URL) is a Web address that specifies the 
exact location of a Web page using letters and words that map to an IP address 
and a location on the host. The URL gives those who provide information over 
the Internet a standard way to designate where Internet resources such as 
servers and documents are located. Consider the URL for Cengage Learning, 
hitp:/Avww.cengage.com/us. 

The “http” specifies the access method and tells your software to access 
a file using the Hypertext Transport Protocol. This is the primary method for 
interacting with the Internet. In many cases, you don’t need to include http:// 
in a URL because it is the default protocol. The “www” part of the address 
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sometimes signifies that the address is associated with the World Wide Web ser- 
vice. The URL www.cengage.com is the domain name that identifies the Internet 
host site. The part of the address following the domain name—/us—specifies 
an exact location on the host site. 

Domain names must adhere to strict rules. They always have at least two 
parts, with each part separated by a dot (period). For some Internet addresses, 
the far-right part of the domain name is the country code, such as au for 
Australia, ca for Canada, dk for Denmark, fr for France, de (Deutschland) for 
Germany, and jp for Japan. Many Internet addresses have a code denoting affil- 
iation categories, such as com for business sites and edu for education sites. 
Table 7.4 contains a few popular domain affiliation categories. The far-left part 
of the domain name identifies the host network or host provider, which might 
be the name of a university or business. Other countries use different top-level 
domain affiliations from the U.S. ones described in the table. 


TABLE 7-4 Number of domains in U.S. top-level domain affiliations 


Affiliation ID Affiliation 


Biz Business sites 

Com All types of entities including nonprofits, schools, and private 
individuals 

Edu Post-secondary educational sites 

Gov Government sites 

Net Networking sites 

Org Nonprofit organization sites 


SOURCE: Domain Count Statistics for TLDs, bttp//research.domaintools.com/statistics/tld-counts. 


The Internet Corporation for Assigned Names and Numbers (ICANN) is 
responsible for managing IP addresses and Internet domain names. One of 
ICANN’s primary concerns is to make sure that each domain name represents 
only one individual or entity—the one that legally registers it. For example, 
if your teacher wanted to use www.cengage.com for a course Web site, he or 
she would discover that domain name has already been registered by Cengage 
Learning and is not available. ICANN uses companies called accredited domain 
name registrars to handle the business of registering domain names. For exam- 
ple, you can visit www.namecheap.com, an accredited registrar, to find out if a 
particular name has already been registered. If not, you can register the name 
for around $9 per year. Once you do so, ICANN will not allow anyone else to 
use that domain name as long as you pay the yearly fee. 


Hyperlinks 

The Web was designed to make information easy to find and organize. 

It connects billions of documents, called Web pages, stored on millions of 

servers around the world. Web pages are connected to each other using 
hyperlink: Highlighted text or hyperlinks, specially denoted text or graphics on a Web page, that, when 
graphics in a Web document that, clicked, open a new Web page containing related content. Using hyperlinks, 
WHILE ORE opensa New Web Page users can jump between Web pages stored on various Web servers—creating 
containing related content. p 3 p 2 4 ; 

the illusion of interacting with one big computer. Because of the vast 

amount of information available on the Web and the wide variety of media, 

the Web has become the most popular means of accessing information in 

the world today. 
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Web browser: Web client 
software—such as Chrome, Edge, 
Firefox, Internet Explorer, and Safari— 
used to view Web pages. 
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In short, the Web is a hyperlink-based system that uses the client/server 
model. It organizes Internet resources throughout the world into a series of 
linked files, called pages, which are accessed and viewed using Web client 
software called a Web browser or just browser. Google Chrome, Mozilla Fire- 
fox, Microsoft Edge, Internet Explorer, Apple Safari, and Opera are popular 
Web browsers. See Figure 7.13. A collection of pages on one particular topic, 
accessed under one Web domain, is called a Web site. The Web was originally 
designed to support formatted text and pictures on a page. It has evolved to 
support many more types of information and communication including ani- 
mation, games, social media, and video. Web plug-ins help provide additional 
features to standard Web sites. Adobe Flash and Real Player are examples of 
Web plug-ins. 


Gmail Images 


GR 


Account Search Maps 


a 
v 
a 


YouTube Play News 


~ 


Search Google or type a URL 


x 
© 
c 


Gmail Contacts Drive 
* © Ð & 
© Q 
Amazon.com: O. Local Weather t Cengage Facebook Error 
Calendar Google+ Translate 
s a 7) g + o 
(*) Twitter Photos - Googl. Select Period jira.cengage.com Add shortcut Photos 


a, 


Web browsers such as Google Chrome let you access Internet resources such as email and other online applications. 


Source: Google, Inc. 


Hypertext Markup Language 
(HTML): The standard page 
description language for Web pages. 


HTML tag: A code that tells the 
Web browser how to format text—as a 
heading, as a list, or as body text—and 
whether images, sound, and other 
elements should be inserted. 


Hypertext Markup Language (HTML) 


Hypertext Markup Language (HTML) is the standard page description lan- 
guage for Web pages. HTML is defined by the World Wide Web Consortium 
(referred to as “W3C”) and has developed through numerous revisions. It is 
currently in its fifth revision—HTML5. HTML tells the browser how to dis- 
play font characteristics, paragraph formatting, page layout, image placement, 
hyperlinks, and the content of a Web page. HTML uses HTML tags, also called 
tags, which are codes that tell the browser how to format the text or graphics 
as a heading, list, or body text, for example. 

Web site creators “mark up” a page by placing HTML tags before and 
after one or more words. For example, to have the browser display a sen- 
tence as a heading, you place the <h1> tag at the start of the sentence and an 
</h1> tag at the end of the sentence. When that page is viewed in a browser, 
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Extensible Markup Language 
(XML): The markup language 
designed to transport and store data 
on the Web. 


Cascading Style Sheet (CSS): 
A markup language for defining the 
visual design of a Web page or group 
of pages. 
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the sentence is displayed as a heading. HTML also provides tags to import 
objects stored in files—such as photos, graphics, audio, and movies—into a 
Web page. In short, a Web page is made up of three components: text, tags, 
and references to files. The text is your Web page content, the tags are codes 
that mark the way words will be displayed, and the references to files insert 
photos and media into the Web page at specific locations. All HTML tags are 
enclosed in a set of angle brackets (< and >), such as <h2>. The closing tag 
has a forward slash in it, such as </b> for closing bold. Consider the following 
text and tags. 


Extensible Markup Language (XML) 

Extensible Markup Language (XML) is a markup language for Web docu- 
ments containing structured information, including words and pictures. XML 
does not have a predefined tag set. With HTML, for example, the tag always 
means a first-level heading. The content and formatting are contained in the 
same HTML document. XML Web documents contain the content of a Web 
page. The formatting of the content is contained in a style sheet. A few typical 
instructions in XML follow: 


<book> 

<chapter>Hardware</chapter> 

<topic>Input Devices</topic> 
<topic>Processing and Storage Devices</topic> 
<topic>Output Devices</topic> 

</book> 


Cascading Style Sheet (CSS) 


A Cascading Style Sheet (CSS) is a file or portion of an HTML file that 
defines the visual appearance of content in a Web page. Using CSS is con- 
venient because you only need to define the technical details of the page’s 
appearance once, rather than in each HTML tag. CSS uses special HTML 
tags to globally define characteristics for a variety of page elements as well 
as how those elements are laid out on the Web page. Rather than having to 
specify a font for each occurrence of an element throughout a document, 
formatting can be specified once and applied to all occurrences. CSS styles 
are often defined in a separate file and then can be applied to many pages 
on a Web site. 

For example, the visual appearance of the preceding XML content could 
be contained in the following style sheet: 


chapter (font-size 18pt; color blue; font-weight bold; 
display block; font-family Arial; 

margin-top 10pt; margin-left 5pt) 

topic (font-size 12pt; color red; font-style italic; 
display block; font-family Arial; 

margin-left 12pt) 


This style sheet specifies that the chapter title “Hardware” is displayed on 
the Web page in a large Arial font (18 points). “Hardware” will also appear 
in bold blue text. The “Input Devices” title will appear in a smaller Arial font 
(12 points) and italic red text. 

XML is extremely useful for organizing Web content and making data easy 
to find. Many Web sites use CSS to define the design and layout of Web pages, 
XML to define the content, and HTML to join the design (CSS) with the content 
(XML). See Figure 7.14. This modular approach to Web design allows Web site 
developers to change the visual design without affecting the content and to 
change the content without affecting the visual design. 
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XML, CSS, and HTML 

Today's Web sites are created using 
XML to define content, CSS to 
define the visual style, and HTML to 
put it all together. 
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Developing Web Content and Applications 


If you need to create a Web site, you have many options. You can hire some- 
one to design and build it, or you can do it yourself. If you do it yourself, you 
can use an online service to create the Web pages, use a Web page creation 
software tool, or use a plain text editor to create the site. 

Popular tools for creating Web pages and managing Web sites include Adobe 
Dreamweaver, RapidWeaver (for Mac developers), and Nvu (pronounced n-view). 
See Figure 7.15. Today’s Web development applications allow developers to 
create Web sites using software that resembles a word processor. The software 
includes features that allow the developer to work directly with the HTML code 
or to use auto-generated code. Web development software also helps the designer 
keep track of all files in a Web site and the hyperlinks that connect them. 

Many products make it easy to develop Web content and interconnect Web 
services, as discussed in the next section. Microsoft, for example, provides a 
development and Web services platform called .NET, which allows developers 
to use various programming languages to create and run programs, including 
those for the Web. The .NET platform also includes a rich library of program- 
ming code to help build XML Web applications. Other popular Web development 
platforms include JavaServer Pages, Microsoft ASP.NET, and Adobe ColdFusion. 

After you create Web pages, your next step is to place or publish the con- 
tent on a Web server. Popular publishing options include using ISPs, free sites, 
and Web hosting services. Web hosting services provide space on their Web 
servers for people and businesses that don’t have the financial resources, time, 
or skills to host their own Web sites. A Web host can charge $15 or more per 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


CHAPTER 7 @ Networks: An Interconnected World 269 


w Seaworld Locations - Shamu, Doiphins, Rolier Coasters and Shows |tiie:/..Jsw_index.aspr. HTM) - Nvu =x 
Format Table Jools Help 


Q. 222 ©2208 e@0@.@ @. Nv 


Publish Browse Anchor Urk image Tabe Form 


~~ | 
—= 


Decco s 
Passport Member Tock 


® InsiderWelcome 
© Mailing List Subscripti 
+ Sales 


<body> <table> <tbody> <tr> <td> <table> <tbody> <tr> <td> <table> <tbody> <tr> <td> <a> <img> 


Creating Web pages 


Nvu makes Web design nearly as easy as using a word processor. 
Source: SOFTONIC INTERNATIONAL S.A. 


month, depending on services. Some Web hosting sites include domain name 
registration, Web authoring software, activity reporting, and Web site monitor- 
ing. Some ISPs also provide limited storage space, typically 1 to 6 megabytes, 
as part of their monthly fee. If more disk space is needed, additional fees are 
charged. Free sites offer limited space for a Web site. In return, free sites often 
require the user to view advertising or agree to other terms and conditions. 
Some Web developers are creating programs and procedures to combine 
two or more Web applications into a new service, called a mashup—named after 
the process of mixing two or more hip-hop songs into one song. Map applica- 
tions such as Google Maps provide tool kits that allow them to be combined 
with other Web applications. For example, Google Maps can be used with Twit- 
ter to display the location where various tweets were posted. Likewise, Google 
Maps combined with Flickr can overlay photos of specific geographic locations. 


Internet and Web Applications 


The variety of Internet and Web applications available to individuals and orga- 
nizations around the world is vast and ever expanding. 


Web 2.0 and the Social Web 


Over the years, the Web has evolved from a one-directional resource where 
users only obtain information to a two-directional resource where users obtain 
and contribute information. Consider Web sites such as YouTube, Wikipedia, 
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Web 2.0: The Web as a computing 
platform that supports software 
applications and the sharing of 
information among users. 
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and Facebook as just a few examples. The Web has also grown in power to 
support full-blown software applications such as Google Docs and is becoming 
a computing platform itself. These two major trends in how the Web is used 
and perceived have created dramatic changes in how people, businesses, and 
organizations use the Web, creating a paradigm shift to Web 2.0. 

The original Web—Web 1.0—provided a platform for technology-savvy 
developers and the businesses and organizations that hired them to publish 
information for the general public to view. Web sites such as YouTube and 
Flickr allow users to share video and photos with other people, groups, and 
the world. Microblogging sites such as Twitter allow people to post thoughts 
and ideas throughout the day for friends to read. See Figure 7.16. 


Tolmer Falls 
by Louise Denton 


tos with other people around the world. 


Social networking Web sites provide Web-based tools for users to share 
information about themselves and to find, meet, and converse with other mem- 
bers. Instagram is a popular social networking service through which users 
can share photos and videos—either publicly or with a set group of friends. 
Another social network, LinkedIn, is designed for professional use to assist 
its members with creating and maintaining valuable professional connections. 
Ning provides tools for Web users to create their own social networks dedicated 
to a topic or interest. 

Social networks have become very popular for finding old friends, staying 
in touch with current friends and family, and making new friends. Besides 
their personal value, these networks provide a wealth of consumer information 
and opportunities for businesses as well. Some businesses are including social 
networking features in their workplaces. 
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The use of social media in business is called Enterprise 2.0. Enterprise 2.0 
applications, such as Salesforce’s Chatter, Jive Software’s Engage Dialog, and 
Yammer, enable employees to create business wikis, support social networking, 
perform blogging, and create social bookmarks to quickly find information. 
Tyco, a fire protection and security company, recently went through a major 
restructuring, changing from a conglomerate of holding companies to a united 
global enterprise with more than 69,000 employees in 50 countries. Throughout 
its transition, Tyco relied on Yammer rather than email to educate its workforce 
on the differences between the old Tyco and the new Tyco and to increase 
employee engagement across the company. ° 

Not everyone is happy with social networking sites, however. Employers 
might use social networking sites to get personal information about you. Some 
people worry that their privacy will be invaded or their personal information 
used without their knowledge or consent. 


News 


The Web is a powerful tool for keeping informed about local, state, national, 
and global news. It has an abundance of special-interest coverage and provides 
the capacity to deliver deeper analysis of the subject matter. Text and photos 
are supported by the HTML standard. Video (sometimes called a Webcast) and 
audio are provided in a browser through plug-in technology and in podcasts. 

As traditional news sources migrate to the Web, new sources are emerging 
from online companies. News Web sites from Google, Yahoo!, Digg, and News- 
vine provide popular or interesting stories from a variety of news sources. In a 
trend some refer to as social journalism or citizen journalism, ordinary citizens 
are more involved in reporting the news than ever before. Although social 
journalism provides important news not available elsewhere, its sources may 
not be as reliable as mainstream media sources. It is also sometimes difficult 
to discern news from opinion. 


Education and Training 
Today, institutions and organizations at all levels provide online education 
and training, which can be accessed via PCs, tablets, and smartphones. Kahn 
Academy, for example, provides free online training and learning in economics, 
math, banking and money, biology, chemistry, history, and many other sub- 
jects.’ NPower helps nonprofit organizations, schools, and individuals develop 
information system skills. The nonprofit organization provides training to hun- 
dreds of disadvantaged young adults through a 22-week training program that 
can result in certification from companies such as Microsoft and Cisco. 
High school and college students are also using mobile devices to read 
electronic textbooks instead of carrying heavy printed textbooks to class. And 
educational support products, such as Blackboard, provide an integrated Web 
environment that includes virtual chat for class members; a discussion group 
for posting questions and comments; access to the class syllabus and agenda, 
student grades, and class announcements; and links to class-related material. 
Conducting classes over the Web with no physical class meetings is called 
distance learning. 


Job Information 


The Web is also an excellent source of job-related information. People looking 
for their first jobs or seeking information about new job opportunities can find 
a wealth of information online. Search engines, such as Google or Bing (dis- 
cussed next), can be a good starting point for searching for specific companies 
or industries. You can use a directory on Yahoo’s home page, for example, to 
explore industries and careers. Most medium and large companies have Web 
sites that list open positions, salaries, benefits, and people to contact for further 
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information. The IBM Web site, www.ibm.com, has a link to “Careers.” When 
you click this link, you can find information on jobs with IBM around the 
world. In addition, several sites specialize in helping you find job information 
and even apply for jobs online, including www.linkedin.com (see Figure 7.17), 
www.monster.com, and www.careerbuilder.com. 
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Linkedin and many other Web sites specialize in helping people get information about jobs and apply for jobs online. 


Source: LinkedIn Corporation 


search engine: A valuable tool 
that enables you to find information 

on the Web by specifying words that 
are key to a topic of interest, known as 
keywords. 


search engine optimization 
(SEO): A process for driving traffic to 
a Web site by using techniques that 
improve the site’s ranking in search 
results. 


Search Engines and Web Research 


A search engine is a valuable tool that enables you to find information on the 
Web by specifying words or phrases known as keywords, which are related to 
a topic of interest. You can also use operators such as AND, OR, and NOT for 
more precise search results. 

The search engine market is dominated by Google. Other popular search 
engines include Yahoo! Search, Bing, Ask, Dogpile, and China’s Baidu. Google has 
taken advantage of its market dominance to expand into other Web-based services, 
most notably email, scheduling, maps, social networking, Web-based applications, 
and mobile device software. Search engines like Google often have to modify how 
they display search results, depending on pending litigation from other Internet 
companies and government scrutiny, such as antitrust investigations. 

The Bing search engine has attempted to innovate with its design. Bing 
refers to itself as a decision engine because it attempts to minimize the amount 
of information that it returns in its searches that is not useful or pertinent. Bing 
also includes media—music, videos, and games—in its search results. 

Savvy Web site operators know that the search engine results are tools 
that can draw visitors to certain Web sites. Many businesses invest in search 
engine optimization (SEO)—a process for driving traffic to a Web site by 
using techniques that improve the site’s ranking in search results. Normally, 
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when a user gets a list of results from a Web search, the links listed highest on 
the first page of search results have a far greater chance of being clicked. SEO 
professionals, therefore, try to get the Web sites of their businesses to be listed 
with as many appropriate keywords as possible. They study the algorithms 
that search engines use, and then they alter the contents of their Web pages to 
improve the page’s chance of being ranked number one. SEO professionals use 
Web analytics software to study detailed statistics about visitors to their sites. 
Search engines offer just one option for performing research on the Web. 
Libraries typically provide access to online catalogs as well as links to public 
and sometimes private research databases on the Web. Online research data- 
bases allow visitors to search for information in thousands of journal, magazine, 
and newspaper articles. Information database services are valuable because 
they offer the best in quality and convenience. They conveniently provide full- 
text articles from reputable sources over the Web. College and public libraries 
typically subscribe to many databases to support research. One of the most 
popular private databases is LexisNexis Academic Universe. See Figure 7.18. 
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instant messaging: The online, 
real-time communication between two 
or more people who are connected via 
the Internet. 


F 


Instant Messaging 


Instant messaging is online, real-time communication between two or more 
people who are connected via the Internet. With instant messaging, partici- 
pants build contact lists of people they want to chat with. Some applications 
allow you to see which of your contacts are currently logged on to the Inter- 
net and available to chat. If you send messages to one of your contacts, that 
message appears within the messaging app on a smartphone or other mobile 
device, or, for those working on PCs, the message opens in a small dialog box 
on the recipient’s computer. Although chat typically involves exchanging text 


jhts Reserved. May nc copied, s d, or duplicated hole or in part. WCN 02-200-2 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


274 PART 2 @ Technology Infrastructure 


messages with one other person, many messaging apps allow for group chats. 
And today’s instant messaging software supports not only text messages but 
also the sharing of images, videos, files, and voice communications. Popular 
instant messaging services include Facebook Messenger, KIK Messenger, Ins- 
tagram, Skype, Snapchat, WhatsApp, and WeChat. It is estimated that mobile 
operators lost $23 billion in 2012 alone as teens shifted away from texting over 
cellular networks in favor of communicating with their friends over the Internet 
using instant messaging apps.’ 


Microblogging, Status Updates, and News Feeds 
Referred to as a microblogging service, Twitter is a Web application that allows 
users to send short text updates (up to 280 characters) from a smartphone or 
a Web browser to their Twitter followers. While Twitter has been hugely suc- 
cessful for personal use, many businesses are finding value in the service as 
well. Business people use Twitter to stay in touch with associates by sharing 
their location and activities throughout the day. Businesses also find Twitter 
to be a rich source of consumer sentiment that can be tapped to improve mar- 
keting, customer relations, and product development. Many businesses have a 
presence on Twitter, dedicating personnel to communicate with customers by 
posting announcements and reaching out to individual users. Village Books, 
an independent bookstore in Bellingham, Washington, uses Twitter to build 
relationships with its customers and to make them feel part of their community. 
The popularity of Twitter has caused social networks, such as Facebook, 
LinkedIn, and Tumblr, to include Twitter-like news or blog post feeds. Previ- 
ously referred to as Status Updates, Facebook users share their thoughts and 
activities with their friends by posting messages to Facebook’s News Feed. 


Conferencing 

Some Internet technologies support real-time online conferencing. Participants 
dial into a common phone number to share a multiparty phone conversation 
and, in many cases, live video of the participants. The Internet has made it 
possible for those involved in teleconferences to share computer desktops. 
Using services such as WebEx or GoToMeeting, conference participants log on 
to common software that allows them to broadcast their computer display to 
the group. This ability is quite useful for presenting with PowerPoint, demon- 
strating software, training, or collaborating on documents. Participants verbally 
communicate by phone or PC microphone. 

Athena Software is the developer of Penelope, case management software 
that enables its users to track all of a client’s information in one place. This 
includes appointments, billing, case notes, client communication, and schedul- 
ing. Athena made a major product sale that required it to train 11,000 new users 
on their product in just 30 days. Athena employed GoToMeeting to record, 
publish, and distribute many brief, focused training sessions that the new users 
could view anytime to become effective users of the software." 

You don’t need to be a big business to enjoy the benefits of video conver- 
sations. Free software is available to make video chat easy to use for anyone 
with a computer, a Webcam, and a high-speed Internet connection. Online 
applications such as Google Voice support video connections between Web 
users. For spontaneous, random video chat with strangers, you can go to the 
Chatroulette Web site. Software, such as FaceTime and Skype, provide com- 
puter-to-computer video chat so users can speak to each other face-to-face. 
In addition to offering text, audio, and video chat on computers and mobile 
devices, Facetime and Skype offer video phone service over Internet-connected 
TVs. Recent Internet-connected sets from Panasonic and Samsung ship with the 
Skype software preloaded. You attach a Webcam to your TV to have a video 
chat from your sofa. 
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can listen to over the Internet. 


content streaming: A method 
for transferring large media files over 
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Blogging and Podcasting 

A blog is a Web site that people and businesses use to share their observations, 
experiences, and opinions on a wide range of topics. The community of blogs 
and bloggers is often called the blogosphere. A blogger is a person who creates 
a blog, whereas blogging refers to the process of placing entries on a blog site. 
A blog is like a journal. When people post information to a blog, it is placed at 
the top of the blog page. Blogs can include links to external information and 
an area for comments submitted by visitors. Many organizations launch blogs 
as a way to communicate with customers and generate new business. Video 
content can also be placed on the Internet using the same approach as a blog. 
This is often called a video log or vlog. 

A podcast is an audio broadcast you can listen to over the Internet. The 
name podcast originated from Apple’s iPod combined with the word broadcast. 
A podcast is like an audio blog. Using PCs, recording software, and micro- 
phones, you can record podcast programs and place them on the Internet. 
Apple’s iTunes provides free access to tens of thousands of podcasts, which are 
sorted by topic and searchable by keyword. After you find a podcast, you can 
download it to your PC (Windows or Mac), to an MP3 player such as an iPod, 
or to any smartphone or tablet. You can also subscribe to podcasts using RSS 
software included in iTunes and other digital audio software. 


Online Media and Entertainment 


Like news and information, all forms of media and entertainment have 
followed their audiences online. Music, movies, television program episodes, 
user-generated videos, e-books, and audio books are all available online to 
download and purchase or stream. 

Content streaming is a method of transferring large media files over the 
Internet so that the data stream of voice and pictures plays more or less con- 
tinuously as the file is being downloaded. For example, rather than wait for 
an entire 5 MB video clip to download before they can play it, users can begin 
viewing a streamed video as it is being received. Content streaming works 
best when the transmission of a file can keep up with the playback of the file. 


Music 
The Internet and the Web have made music more accessible than ever, with 
artists distributing their songs through online radio, subscription services, and 
download services. Spotify, Pandora, Napster, and Google Play Music are just a 
few examples of Internet music sites. Internet music has even helped sales of 
classical music by Mozart, Beethoven, and others. Internet companies, includ- 
ing Facebook, are starting to make music, movies, and other digital content 
available on their Web sites. Facebook, for example, allows online music com- 
panies, such as Spotify and Radio, to post music-related news on its Web site. 

Apple’s iTunes was one of the first online music services to find success. 
Microsoft, Amazon, Walmart, and other retailers also sell music online. Down- 
loaded music may include digital rights management (DRM) technology that 
prevents or limits the user’s ability to make copies or to play the music on 
multiple players. 

Podcasts are yet another way to access music on the Web. Many indepen- 
dent artists provide samples of their music through podcasts. Podcast Alley 
includes podcasts from unsigned artists. 


Movies, Video, and Television 

Television and movies are expanding to the Web in leaps and bounds. Online 
services such as Amazon Prime Video, Hulu, and Netflix provide television 
programming from hundreds of providers, including most mainstream tele- 
vision networks. Walmart’s acquisition of Vudu has allowed the big discount 
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retailer to successfully get into the Internet movie business. Increasingly, TV 
networks offer apps for streaming TV content to tablets and other mobile 
devices. Some TV networks charge viewers to watch episodes of their favorite 
shows online. The Roku LT Streaming Media Box connects wirelessly to your 
TV and streams TV shows and movies from online sources such as Amazon 
Prime, Sony Crackle, Disney, Hulu, Netflix, and Xfinity TV. 

No discussion of Internet video would be complete without mentioning 
YouTube. YouTube supports the online sharing of user-created videos. YouTube 
videos tend to be relatively short and cover a wide range of categories from 
the nonsensical to college lectures. It is estimated that 400 hours of video are 
uploaded to YouTube every minute and that over 1 billion hours of video are 
watched each day on YouTube.’ Other video-streaming sites include Veoh, 
Metacafe, Internet Archive, Sony Crackle, and Vimeo. As more companies create 
and post videos to Web sites like YouTube, some IS departments are creating 
a new position—video content manager. 


Online Games and Entertainment 


Video games have become a huge industry with worldwide annual revenue 
projected to exceed $138 billion by the end of 2018.'° The market for online 
gaming is very competitive and constantly changing. After Google included 
online games on its Web site, Facebook updated its online gaming offerings. 
Many video games are available online. They include single-user, multiuser, and 
massively multiuser games. The Web offers a multitude of games for all ages, 
including role-playing games, strategy games, and simulation games. Among 
the most popular online games of 2018 are Fortnite Battle Royale, Player 
Unknown’s Battlegrounds, League of Legends, Splatoon 2, and Hearthstone. 

Game consoles such as the PlayStation, Wii, and Xbox provide multiplayer 
options for online gaming over the Internet. Subscribers can play with or 
against other subscribers in 3D virtual environments. They can even talk to 
each other using a microphone headset. 


Shopping Online 

Shopping on the Web can be convenient, easy, and cost effective. You can buy 
almost anything online, from books and clothing, to cars and sports equipment. 
Groupon, for example, offers discounts at restaurants, spas, auto repair shops, 
music performances, and almost any other product or service offered in your 
area or city. Revenues for Groupon were nearly $3 billion in 2017." 

Other online companies offer different services. Dell and many other com- 
puter retailers provide tools that allow shoppers to specify every aspect and com- 
ponent of a computer system to purchase. ResumePlanet.com would be happy to 
create your professional résumé. AmazonFresh, Costco, Kroger, Safeway, Trader 
Joe’s, Walmart, and Whole Foods all have at least some stores in some states will- 
ing to deliver groceries to your doorstep. Products and services abound online. 

Amazon acquired Whole Foods in 2017 for $13.7 billion in a move that 
shook up the entire grocery industry. Amazon soon began to sell its devices like 
Echo in stores and reserved lockers for delivery in certain Whole Foods loca- 
tions. In some Whole Foods stores, there are now signs for special discounts for 
Amazon Prime members. Those discounts will likely become national. Whole 
Foods has also begun to offer free delivery for Prime members. 

Many online shopping options are available to Web users. Online versions 
of retail stores often provide access to products that may be unavailable in local 
stores. BestBuy, Target, Walmart, and many others carry only a percentage of 
their inventory in their retail stores; the other inventory is available online. To 
add to their other conveniences, many Web sites offer free shipping and pickup 
for returned items that don’t fit or otherwise meet a customer’s needs. 

Web sites such as www.mySimon.com, www.DealTime.com, www.PriceSCAN 
.com, www.PriceGrabber.com, and www.NexTag.com provide product price 
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quotations from numerous online retailers to help you to find the best deal. 
Apps such as BuyVia, Purchx, RedLaser, and Shop Savvy enable users to com- 
pare prices at national and local outlets and lets you set up alerts Gincluding 
location-based) for products. At a store and unsure if the price on the shelf is the 
lowest you can find? Use the UPC barcode scanner to get an answer on the spot. 

Online clearinghouses, Web auctions, and marketplaces offer a platform 
for businesses and individuals to sell their products and belongings. Online 
clearinghouses, such as www.uBid.com, provide a method for manufacturers 
to liquidate stock and for consumers to find a good deal. Outdated or over- 
stocked items are put on the virtual auction block and users bid on the items. 
The highest bidder when the auction closes gets the merchandise—often for 
less than 50 percent of the advertised retail price. 

The most popular online auction is eBay, shown in Figure 7.19. The site 
provides a public platform for global trading where anyone can buy, sell, or 
trade practically anything. It offers a wide variety of features and services that 
enable members to buy and sell on the site quickly and conveniently. Buyers 
have the option to purchase items at a fixed price or in an auction-style format, 
where the highest bid wins the product. 
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FIGURE 7.19 
eBay 


eBay provides an online marketplace where anyone can buy, sell, or trade practically anything. 
Source: eBay, Inc. 


Auction houses such as eBay accept limited liability for problems that 
buyers or sellers may experience in their transactions. Transactions that make 
use of the PayPal service are protected on eBay. Others, however, may be more 
risky. Participants should be aware that auction fraud is the most prevalent 
type of fraud on the Internet. 
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Craigslist is a network of online communities that provides free online clas- 
sified advertisements. It is a popular online marketplace for purchasing items 
from local individuals. Many shoppers turn to Craigslist rather than going to 
the classifieds in the local paper. 

Businesses benefit from shopping online as well. Global supply manage- 
ment online services provide methods for businesses to find the best deals on 
the global market for raw materials and supplies needed to manufacture their 
products. Electronic exchanges provide an industry-specific Web resource cre- 
ated to deliver a convenient centralized platform for B2B e-commerce among 
manufacturers, suppliers, and customers. 


Travel, Geolocation, and Navigation 


The Web has had a profound effect on the travel industry and the way people 
plan and prepare for trips. From getting assistance with short trips across town 
to planning long holidays abroad, travelers are turning to the Web to save time 
and money and to overcome much of the risk involved in visiting unknown 
places. 

Travel Web sites such as Travelocity, Expedia, Kayak, and Priceline help 
travelers find the best deals on flights, hotels, car rentals, vacation packages, 
and cruises. Priceline offers a slightly different approach from the other Web 
sites. It allows shoppers to name a price they’re willing to pay for an airline 
ticket or a hotel room and then works to find an airline or hotel that can meet 
that price. 

Mapping and geolocation tools are among the most popular and successful 
Web applications. MapQuest, Google Maps, and Bing Maps are examples. See 
Figure 7.20. By offering free street maps for locations around the world, these 
tools help travelers find their way. Provide your departure location and desti- 
nation, and these online applications produce a map that displays the fastest 
route. Using GPS technologies, these tools can detect your current location and 
provide directions from where you are. 


Sean Doyle ; 


FIGURE 7.20 
Google Maps 


Mapping software, such as Google Maps, provide view of Camelback Mountain in Phoenix. 
Source: Google, Inc. 
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Google Maps also provides extensive location-specific business informa- 
tion, satellite imagery, up-to-the-minute traffic reports, and Street View. The 
latter is the result of Google employees driving the streets of the world’s cities 
in vehicles with high-tech camera gear, taking 360-degree images. These images 
are integrated into Google Maps to allow users to get a “street view” of an area 
that can be manipulated as if the viewer were actually walking down the street 
looking around. Bing Maps and Google Maps both offer high-resolution aerial 
photos and street-level 3D photographs. 

A geographic information system (GIS) provides geographic information 
layered over a map. For example, Google Earth provides options for viewing 
traffic, weather, local photos and videos, underwater features such as ship- 
wrecks and marine life, local attractions, businesses, and places of interest. 
Software such as Connect, Find My Friends, Phone Tracker, and Tracker allow 
you to find your friends on a map—with their permission—and will automat- 
ically notify you if a friend is near. 

Geotagging is a technology that allows for tagging information with an asso- 
ciated location. For example, Flickr and other photo software and services allow 
photos to be tagged with the location they were taken. Once tagged, it becomes 
easy to search for photos taken, for example, in Florida. Geotagging also makes 
it easy to overlay photos on a map, as Google Maps and Bing Maps have done. 
Facebook, Instagram, Snapchat, Twitter, and many other social networks have 
also made it possible for users to geotag photos, comments, tweets, and posts. 

Geolocation information does pose a risk to privacy and security. Many 
people prefer that their location remain unknown, at least to strangers and 
often to acquaintances and even friends. Recently, criminals have made use of 
location information to determine when people are away from their residences 
so that they can burglarize without fear of interruption. 


Intranets and Extranets 


intranet: An internal corporate An intranet is an internal corporate network built using Internet and World 
network built using Internet and World Wide Web standards and products. Employees of an organization can use an 
Wide WED Standards ANd proaucis: intranet to gain access to corporate information. After getting their feet wet 
with public Web sites that promote company products and services, corpora- 
tions are seizing the Web as a swift way to streamline—even transform—their 
organizations. These private networks use the infrastructure and standards of 
the Internet and the World Wide Web. Using an intranet offers one considerable 
advantage: many people are already familiar with Internet technology, so they 
need little training to make effective use of their corporate intranet. 
An intranet is an inexpensive yet powerful alternative to other forms of 
internal communication, including conventional computer setups. One of 
intranet’s most obvious virtues is its ability to reduce the need for paper. 
Because Web browsers run on all types of computers, the same electronic 
information can be viewed by any employee. That means that all sorts of 
documents (such as internal phone books, procedure manuals, training manu- 
als, and requisition forms) can be inexpensively converted to electronic form, 
posted online, and easily updated. An intranet provides employees with an easy 
and intuitive approach to accessing information that was previously difficult to 
obtain. For example, it is an ideal solution to providing information to a mobile 
salesforce that needs access to rapidly changing information. 
A growing number of companies offer limited network access to selected 
customers and suppliers. Such networks are referred to as extranets, which 
extranet: A network built using connect people who are external to the company. An extranet is a network 
Web technologies that links selected built using Web technologies that links selected resources of the intranet of a 
rasöürçes of the INtranst OL a SOmipany company with its customers, suppliers, or other business partners. 
ee eee Corporate executives at a well-known global fast food chain wanted to 
business partners. 

improve their understanding of what was happening at each restaurant location 
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virtual private network 

(VPN): A secure connection between 
two points on the Internet; VPNs 
transfer information by encapsulating 
traffic in IP packets and sending the 
packets over the Internet. 


Critical 
Thinking 
Exercise 


and needed to communicate with franchisees to better serve their customers. 
The firm implemented an extranet, enabling individual franchisees to fine-tune 
their location-specific advertising and get it approved quickly by corporate-level 
staff. In addition, with the extranet, corporate employees now have a much 
better understanding of customers, both by location and in aggregate, based 
on information they are receiving from franchisees. 

Security and performance concerns are different for an extranet than for a 
Web site or network-based intranet. User authentication and privacy are critical 
on an extranet so that information is protected. Obviously, the network must also 
be reliable and provide quick response to customers and suppliers. Table 7.5 
summarizes the differences between users of the Internet, intranets, and extranets. 


TABLE 7-5 Summary of Internet, intranet, and extranet users 


Type User Need User ID and Password? 
Internet Anyone No 
Intranet Employees Yes 
Extranet Business partners Yes 


Secure intranet and extranet access applications usually require the use 
of a virtual private network (VPN), a secure connection between two points 
on the Internet. VPNs transfer information by encapsulating traffic in IP pack- 
ets and sending the packets over the Internet, a practice called tunneling. 
Most VPNs are built and run by ISPs. Companies that use a VPN from an ISP 
have essentially outsourced their networks to save money on wide area net- 
work equipment and personnel. To limit access to the VPN to just individuals 
authorized to use it, authorized users may be issued a logon ID and a security 
token assigned to that logon ID. The security token displays a 10- to 12-digit 
password that changes every 30 seconds or so. A user must enter their logon 
ID and the security password valid for that logon ID at that moment in time. 


Web Site to Support Car Part Salvage 
æ APPLICATION 


You work part time for a relative who owns four auto part salvage yards in the 
surrounding tri-state area. Each salvage yard has hundreds of wrecked autos and 
tens of thousands of parts. Today, when a customer is seeking a part, the customer 
and a sales clerk go out and walk the salvage yard until they find the desired part 
or give up because they cannot find it. Although each salvage yard is somewhat 
organized by year, make, and model of car, it can take as much as an hour to find 
the desired part. 

You have an idea to create a database that includes a description of the parts 
available at the four junk yards. The description will include the year, make, and 
model of car, part name, and condition of the part as well as identification of the 
location of the part in the salvage yard. There may be a photo for some parts (e.g. 
side panels, doors, auto hood, grill, etc.). When a customer calls or comes to the 
salvage yard, a clerk would query the database to find the availability, condition, 
and location of the desired parts. If the part is in inventory but at another salvage 
yard, a clerk can send an instant message to the employees at that salvage yard to 
ship the part. The database will be continually updated as parts are added or sold 
at each junk yard. Your current thinking is that the database will only be accessible 
over an intranet used by just the employees of the four salvage yards. 
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Review Questions 


1. What advantages does use of a centralized database accessed by an intranet 
provide versus the current approach? 

2. What measures can you take to control access to the database so that only 
authorized employees may enter their data? Can you identify measures that 
need to be taken to ensure the accuracy, completeness, and consistency of 
description of parts in the database? 


Critical Thinking Questions 


1. What potential start-up issues may be involved in preparing the employees to 
use this new system? How will you overcome these issues? 

2. If this idea proves successful, can you outline an approach to sell your system 
to other owners of salvage yards? What additional measures would you need 
to put into place to make this work? 


Principle: 


A network has many fundamental components, which—when carefully 
selected and effectively integrated—enable people to meet personal and 
organizational objectives. 

A computer network consists of communications media, devices, and soft- 
ware connecting two or more computer systems or devices. Communications 
media are any material substance that carries an electronic signal to support 
communications between a sending and a receiving device. 

The effective use of networks can help a company grow into an agile, pow- 
erful, and creative organization, giving it a long-term competitive advantage. 
Networks let users share hardware, programs, and databases across the orga- 
nization. They can transmit and receive information to improve organizational 
effectiveness and efficiency. They enable geographically separated workgroups 
to share documents and opinions, which fosters teamwork, innovative ideas, 
and new business strategies. 

Network topology indicates how the communications links and hardware 
devices of the network are arranged. The three most common network topol- 
ogies are the star, bus, and mesh. 

A network can be classified as personal area, local area, metropolitan, or 
wide area network depending on the physical distance between nodes on the 
network and the communications and services it provides. 

Channel bandwidth refers to the capacity of a com, usually measured in 
megabits per second (Gbps). 

Network latency measures how long it takes for a unit of data to get to its 
destination and back and is measured in milliseconds (ms). 

Communications media can be divided into two broad categories: guided 
transmission media, in which a communications signal travels along a solid 
medium, and wireless media, in which the communications signal is sent over 
airwaves. Guided transmission media include twisted-pair wire, coaxial, and 
fiber-optic cable. 

Wireless communication is the transfer of information between two or 
more points that are not connected by an electrical conductor. Wireless commu- 
nications involves the broadcast of communications in one of three frequency 
ranges: microwave, radio, and infrared. Wireless communications options 
include near-field communications, Bluetooth, Wi-Fi, microwave, and a variety 
of 3G, 4G, and 5G communications options. 
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Long-Term Evolution (LTE) is a standard for wireless communications for 
mobile phones based on packet switching. 

A network operating system (NOS) controls the computer systems and 
devices on a network, allowing them to communicate with one another. 
Network-management software enables a manager to monitor the use of indi- 
vidual computers and shared hardware, scan for viruses, and ensure compliance 
with software licenses. 

Mobile device management (MDM) software manages and troubleshoots 
mobile devices remotely, pushing out applications, data, patches, and settings. 

Software-defined networking (SDN) is an emerging approach to network- 
ing that allows network administrators to manage a network via a controller 
that does not require physical access to all the network devices. 


Principle: 


Together, the Internet and the World Wide Web provide a highly effective 
infrastructure for delivering and accessing information and services. 

The Internet is truly international in scope, with users on every continent. 
It is the world’s largest computer network. It is a collection of interconnected 
networks, all freely exchanging information. 

The Internet transmits data from one computer (called a host) to another. 
The set of conventions used to pass packets from one host to another is known 
as the Internet Protocol (IP). Many other protocols are used with IP. The best 
known is the Transmission Control Protocol (TCP) which defines how appli- 
cations can create channels of communication across the network. TCP is so 
widely used that many people refer to the Internet protocol as TCP/IP, the 
combination of TCP and IP used by most Internet applications. 

Each computer on the Internet has an assigned IP address for easy 
identification. 

A switch is a network hardware device that keeps a record of the MAC of 
all the devices connected to it so it can determine to which port a packet of 
data should be sent. 

The router is a network hardware device that directs data packets to other 
networks until each packet reaches its destination. 

A client/server system is a networking approach wherein many clients 
request and receive services from servers on the network. Servers receive client 
user requests, process them, and obtain the requested data. 

Client-side programming languages such as JavaScript, VBA Script, HTML, 
CSS, and Ajax are used to provide an interface to enable the client computer to 
request the services of the server computers and to display the results. 

Server-side programming languages such as PHP, C++, Java, Python, and 
Ruby on Rails are used to create programs that run on the server and deals 
with the generation of the content of a Web page to satisfy a client’s request. 

The domain name system maps the name people use to locate a website 
to the IP address that a computer users to locate a Web site. 

A Uniform Resource Locator (URL) is a Web address that specifies the exact 
location of a Web page using letters and words that map to an IP address and 
a location on the host. 

An Internet service provider is any company that provides access to the 
Internet. To connect to the Internet through an ISP, you must have an account 
with the service provider and software that allows a direct link via TCP/IP. 

The Web was designed to make information easy to find and organize. 
It connects billions of documents, which are now called Web pages, stored 
on millions of servers around the world. Web pages are connected to each 
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other using hyperlinks, specially denoted text or graphics on a Web page, 
that, when clicked, open a new Web page containing related content. The 
pages are accessed and viewed using Web client software called a Web 
browser. 

Many Web sites use cascading style sheets (CSS) to define the design and 
layout of Web pages, extensible mark-up language (XML) to define the content, 
and hypertext mark-up language (HTML) to join the content (XML) with the 
design (CSS). 

Popular tools for creating Web pages and managing Web sites include .NET 
platform, JavaServer Pages, Microsoft ASP.NET, and Adobe Cold Fusion. 

Internet companies, including Amazon, eBay, and Google, use Web services 
to streamline and simplify communication among Web sites. 

XML is also used within a Web page to describe and transfer data between 
Web service applications. 

Today’s Web development applications allow developers to create Web 
sites using software that resembles a word processor. The software includes 
features that allow the developer to work directly with the HTML code or to 
use auto-generated code. 

The use of social media in business is called Enterprise 2.0. Enterprise 
2.0 applications, such as Salesforce’s Chatter, Jive Software’s Engage Dia- 
log, and Yammer, enable employees to create business wikis, support social 
networking, perform blogging, and create social bookmarks to quickly find 
information. 

Social journalism provides important news not available elsewhere; how- 
ever, its sources may not be as reliable as mainstream media sources. 

Today, schools at all levels provide online education and training. The Web 
is also an excellent source of job-related information. 

A search engine is a valuable tool that enables you to find information 
on the Web by specifying words or phrases known as keywords, which are 
related to a topic of interest. Search engine optimization (SEO) is a process for 
driving traffic to a Web site by using techniques that improve the site’s ranking 
in search results. 

Instant messaging is online, real-time communication between two or more 
people who are connected via the Internet. 

Twitter is a Web application that allows users to send short text updates 
(up to 280 characters) from a smartphone or a Web browser to their Twitter 
followers. 

Internet technologies support real-time online conferencing where partic- 
ipants dial into a common phone number to share a multiparty phone conver- 
sation and, in many cases, live video of the participants. 

A Web log, typically called a blog, is a Web site that people and businesses 
use to share their observations, experiences, and opinions on a wide range of 
topics. 

A podcast is an audio broadcast you can listen to over the Internet. 

Content streaming is a method of transferring large media files over the 
Internet so that the data stream of voice and pictures plays more or less con- 
tinuously as the file is being downloaded. 

The Internet and the Web have made music more accessible than ever, with 
artists distributing their songs through online radio, subscription services, and 
download services. 

Television and movies are expanding to the Web in leaps and bounds. 
Online services such as Amazon Prime Video, Hulu, and Netflix provide tele- 
vision programming from hundreds of providers, including most mainstream 
television networks. 
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Video games have become a huge industry with worldwide annual revenue 
projected to exceed $138 billion in 2018. 

You can buy almost anything via the Web, from books and clothing, to cars 
and sports equipment. 

Travel Web sites help travelers find the best deals on flights, hotels, car 
rentals, vacation packages, and cruises. They have profoundly changed the 
travel industry and the way people plan trips and vacations. 

An intranet is an internal corporate network built using Internet and World 
Wide Web standards and products. Employees of an organization can use an 
intranet to access corporate information. 

A growing number of companies offer limited network access to selected 
customers and suppliers. Such networks are referred to as extranets, which 
connect people who are external to the company. 

Secure intranet and extranet access applications usually require the use 
of a virtual private network, a secure connection between two points on the 


Internet. 
Key Terms 
blog mobile device management (MDM) software 
Bluetooth near-field communication (NFC) 
bus network network latency 


Cascading Style Sheet (CSS) 
channel bandwidth 

client/server architecture 
communications media 

computer network 

content streaming 

domain name system 

Extensible Markup Language (XML) 
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mesh network 
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search engine optimization (SEO) 
software-defined networking (SDN) 
star network 
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Transmission Control Protocol/Internet 
Protocol (TCP/IP) 


Uniform Resource Locator (URL) 
virtual private network (VPN) 
Web 2.0 

Web browser 

Wi-Fi 

wide area network (WAN) 


wireless communication 
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Self-Assessment Test 


A network has many fundamental components— ‘Together, the Internet and the World Wide Web pro- 
which, when carefully selected and effectively vide a highly effective infrastructure for delivering 
integrated—enable people to meet personal and and accessing information and services. 


Prani anoal objectives: 6. specifies how to address and 
1. A network topology in which all network route each packet to make sure it reaches the 
devices connect to one another through a desired destination. 
single central device called the hub node is a. TCP/IP 
a : b. TCP 
a. bus network GIP 
b. mesh network d. MAC 
c. packet switching network 7. A 64-bit number that uniquely identifies a com- 
d. star network puter on the Internet is a(n) 
De is a wireless network that a. URL 
connects information technology devices close b. MAC address 
to one person. c. IP address 
a. Mesh network d. TCP address 
b. Personal area network 8. A network device that directs data packets to 
c. Local area network other networks until each packet reaches its des- 
d. Packet switching tination is a 
3. A network that connects large geographic a. router 
regions is a : b. hub 
a. MAN c. switch 
b. bus network d. client/server 
c. client/server network 9. A networking approach wherein many clients 
d. WAN (end user computing devices) request and 
4. A 5G network will have the following receive services from servers (host computers) 
advantages over a 4G network: on the network is 
a. Overall network support and operations costs a. peer-to-peer 
are reduced, new applications can be made b. client/server 
available sooner, and the risk of human error c. mesh 
is reduced. d. distributed 
b. Ability to support more concurrent devices, 10. The maps the name people use 
minimal infrastructure changes, and lower to locate a Web site to the IP address that a com- 
latency. puter uses to locate a Web site. 
c. Lower latency, greater bandwidth, and ability a. URL 
to support more devices. b. MAC address 
d. Ability to support exciting new applications, c. domain name system 
greater bandwidth, and improved d. IPL 
security. 11. The is a Web address that spec- 
5. Three advantages associated with a ifies the exact location of a Web page using let- 
software-defined network include ters and words that map to an IP address and a 
: location on the host. 
a. the risk of human error is reduced, overall a. URL 
network support and operations costs are b. MAC address 
reduced, and new applications can be made c. hyperlink 
available sooner d. CSS 
b. The ability to support more concurrent 12. are specially denoted text or 
devices, minimal infrastructure changes, and graphics on a Web page, that, when clicked, 
lower latency open a new Web page containing related 
c. the ability to support exciting new content. 
applications, greater bandwidth, and a. URLs 
improved security b. Hyperlinks 
d. lower latency, greater bandwidth, and the c. XMLs 
ability to support more devices d. MAC addresses 
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13. 


Web client software used to view Web pages is 
called 

a. HTML 

b. CSS 

c. XML 

d. browser 


is a standard page description 
language for Web pages that tells the browser 
how to display font characteristics, paragraph for- 
matting, page layout, image placement, hyperlinks, 
and the content of a Web page. It uses tags, which 
are codes that tell the browser how to format the 
text or graphics as a heading, list, or body text. 

a. XML 

b. CSS 

c. HTML 

d. URL 


. Many Web sites use Cascading Style Sheets (CSS) 


to define the design and layout of Web pages, and 
Extensible Markup Language (XML) to define the 
content, and hypertext mark-up language to join 
the content with the design. True/False 


16. 


17. 


The purpose of client-side programming is to 


a. deal with the generation of a web page to 
satisfy the client’s request 
b. pull data from a database stored on the server 
c. customize website content for individual 
users 
d. provide an interface to allow the client 
computer to request services of the server 
computer 
JavaScript, VBA Script, HTML, CSS, and Ajax 
are server-side programming languages, while 
PHP, C++, Java, Python, and Ruby on Rails are 
client-side programming languages. True or 
False? 
A(n) is an internal corporate 
network built using Internet and World Wide 
Web standards and products, while a(n) 
is a means to offer limited 
network access to people external to the 
organization such as selected customers and 
suppliers. 


Self-Assessment Test Answers 


CRNA RYN 


Toonenoaca 


. False 


intranet, extranet 


Review and Discussion Questions 


1. 


Describe three common network topologies and 
four network types in common use today. 

What advantages will 5G wireless communica- 
tions have over 4G? 


. What is software-defined networking (SDN), and 


what advantages does it offer? 

Describe how the Internet works by identifying 
and explaining the role of its key components. 
Describe how the Web works by identifying and 
explaining the role of its key components. 
Briefly outline the process used in developing Web 
content and applications. Outline half a dozen tools 
used to develop Web content and applications. 
What is the purpose of client-side computing? 
What is the purpose of server-side programming? 


8. 


Identify three commonly used server-side pro- 
gramming languages and three commonly used 
server-side programming languages. 

Describe five common Internet and Web 
applications. 


. Define the terms intranet and extranet. How are 


they alike? How are they different? 

Develop a spreadsheet to track the amount 
of time you spend each day on Twitter, Ins- 
tagram, Facebook, and other social networks. 
Record your times on each network for a 
two-week period. What percent of this time 
would you consider informative and worth- 
while? How much time is just socializing or 
entertainment?. 
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Business-Driven Decision-Making Exercises 


1. You are a member of the IS support group for 
your organization. The manager of sales is very 
tech savvy and a rapid adopter of new technol- 
ogy. Today, she texted you that she would like to 
upgrade from 4G phones to 5G phones for the 
45 members of the sales organization as soon as 
possible. What are some of the advantages and 
disadvantages of such an approach? Would it be 
wiser to wait until the new 5G technology has 
been more fully developed? Why or why not? 
How do you respond to this manager? 


Teamwork and Collaboration Activities 


1. Plan, set up, and execute a meeting with 
another team wherein you meet via the use of 
a Web service such as GoToMeeting or WebEx. 


2. Think of a business that you might like to estab- 
lish. Use a word processor to define the busi- 
ness in terms of what product(s) or service(s) it 
provides, where it is located, and its name. Go 
to www.godaddy.com, and find an appropriate 
domain name for your business that is not yet 
taken. Shop around online for the best deal on 
Web site hosting. Write a paragraph about your 
experience finding a name, why you chose the 
name that you did, and how much it would cost 
you to register the name and host a site. 


all Internet traffic running over their wired and 
wireless networks the same—without favoring 
content from some sources and/or blocking 


Develop an agenda, goals, and a time limit 

for this meeting and share it with members 
of each team in advance. What are some of 
the problems you encountered in setting up 
and executing the meeting? How would you 


evaluate the effectiveness of the meeting? What 


could have been done to make the meeting 
more effective? 

2. Net neutrality is the principle that Internet 
service providers should be required to treat 


or slowing (also known as throttling) content 
from others. The debate over net neutrality 
raises questions about how best to keep the 
Internet open and impartial while still offering 
Internet service providers incentive to expand 
their networks to serve more customers and 
to support new services. Have you and your 
team do research to find out the status of net 
neutrality in the United States. Prepare a brief 
report summarizing your findings. 


Career Exercises 


1. Explore LinkedIn, a social media network for 
professional networking. Use some of its fea- 


Man. The first book offers insights into Mark 
Zuckerberg, the founder of Facebook. The sec- 


tures to find former peers or coworkers. What 
are some of the advantages of using such a Web 
site? What are some of the potential problems? Zuckerberg recognize the potential of social net- 
Would you consider joining LinkedIn? Why or working? How did Bezos recognize the potential 
why not? of online shopping? What is it about these two 

2. Do research on Mark Zuckerberg and Jeff Bezos. individuals that made them super achievers? In 
(You might elect to read the book The Boy what ways are you like them, in what ways are 
Billionaire, or Jeff Bezos, The Force Behind the you unlike them? What can you learn from them? 


ond book is about Jeff Bezos, founder of Ama- 
zon and the richest man in the world). How did 


æ TEAMWORK 


T-Mobile Employs Enterprise 2.0 staff members can be rude and unhelpful. Second, cus- 


Wireless telephone service providers are ranked #5 from tomers are not happy with the speed of store service 
the bottom in terms of the most hated industries in the or center transactions. Third, customers are not satis- 
U.S. Surveys show there are three major areas for where fied with the range of wireless voice and/or data plans 
improvement is needed. First, customers feel call center available. 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


288 PART 2 @ Technology Infrastructure 


T-Mobile with 51,000 employees, 73 million customers, 
and over $40 billion in annual revenue is the third larg- 
est wireless provider in the U.S. It recognizes that it must 
take strong action to eliminate customer pain points. Some 
recent changes include elimination of two-year service 
contracts, doing away with data buckets, abolishing unpre- 
dictable international roaming charges, and including taxes 
and fees in the rates quoted customers. These are all part of 
T-Mobile’s “un-carrier strategy” aimed at putting people first 
and improving the overall customer experience. 

Customers’ biggest complaint about their wireless 
telephone service provider is the poor service they receive 
when contacting the service center—long wait times on 
hold, curt and impatient service reps, and ambiguous 
answers to their questions. T-Mobile is making use of a com- 
mercial Enterprise 2.0 collaboration and knowledge manage- 
ment tool to improve the overall customer experience when 
customers contact the call center. The Enterprise 2.0 solu- 
tion helps T-Mobile customers and enables the organization 
to achieve major increases in productivity, employee team- 
work, and customer satisfaction. T-Mobile used Enterprise 
2.0 software as the basis to build its “T-Community” which 
serves as the central knowledge source for customer service 
and support. The new platform has been well received by 
customers and has also dramatically improved productivity. 
The effort required to publish content compared to previous 
means was cut by 70 percent thus saving $8 million over a 
three-year period. T-Mobile saves an additional $3 million 
each year in call handling costs by providing call center reps 
with easy access to current and more complete information. 
This cuts down the time spent searching for answers and 
reduces customer call time. 

T-Mobile also used Enterprise 2.0 technology to create 
a company intranet to enable employees to connect, com- 
municate, and work together as a team. This collaboration 
platform provides a central place for people to collaborate 
securely and openly across organizations, geographies, 


systems, and devices. It brings together all the people, 
information, and tools needed to move the business for- 
ward. The intranet provides a single platform for company 
communications, team collaboration, employee engagement 
and onboarding, knowledge sharing, enterprise search, and 
organizational analytics. It enables employees to create busi- 
ness wikis, support social networking, perform blogging, 
and create social bookmarks to quickly find information. 
The intranet is accessible via browsers and a mobile intranet 
app that enables employees to work from anywhere. With 
the Enterprise 2.0 intranet, getting work done across depart- 
ments—or time zones—is easier, more efficient, and more 
transparent. Decisions are made quickly, and projects are 
finished faster. 


Critical Thinking Questions: 


1. What complaints do you have in dealing with your 
wireless service provider? 

How might Enterprise 2.0 help improve this 
relationship? 

2. Can you identify any innovative ideas to enable T-Mo- 
bile to improve the speed and/or quality of in-store 
service? Briefly outline your thoughts. 

3. Should T-Mobile consider allowing access to its 
intranet to customers, suppliers, or other parties? 
What might be the value in doing this? What potential 
issues does this raise? 
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Principles Learning Objectives 


e Cloud computing provides e Identify three commonly used approaches to cloud computing. 
access to state-of-the-art 
technology at a fraction of 
the cost of ownership and Summarize four common issues organizations encounter when moving 
without the lengthy delays to public cloud computing. 
that can occur when an 
organization tries to acquire 
its own resources. 


e Identify three key benefits associated with cloud computing. 


Discuss the pros and cons of public, private, and hybrid cloud 
computing. 


Organizations are using the Define what is meant by the Internet of Things (loT). 
Internet of Things (loT) to 
capture and analyze streams 
of sensor data to detect Describe how 5G networks will transform developments with IoT. 
patterns and anomalies—not 
after the fact, but while they 
are occurring—in order to State the degree of sensing and the degree of action associated with 
have a considerable impact four types of loT applications. 

on the event outcome. 


e Discuss four applications of loT and associated connected devices. 


e Identify four benefits associated with the IoT. 


Identify two potential issues associated with the expansion of the IoT. 
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IS in Action 


Enterprise Considerations When Moving 
to the Cloud 


SYSTEMS AND PROCESSES 


As businesses migrate their email, productivity, and collaboration tools to the cloud, 
Microsoft Office 365 and Google’s G Suite are two leading online solutions often under 
consideration. Microsoft’s Office 365 suite includes Outlook for email and shared calendars; 
OneDrive for cloud storage; and Word, Excel, PowerPoint, and OneNote for productivity. 
Enterprise users often make use of additional apps, including Teams, a collaboration 
platform; Skype for Business, an audio and video conferencing app; Yammer, a corporate 
social network; and Planner, a work and project management app. 

Google’s G Suite includes Gmail and Calendar for email and shared calendars; Google 
Drive for cloud storage; Google Docs, Sheets, and Slides for productivity; and Hangouts 
for online meetings and chat. Some enterprise users also use Currents for company-wide 
discussions. Network administrators can use G Suite’s Admin app to add users, manage 
devices, and configure security settings, such as two-step verification—across an entire 
organization. Administrators can also specify which Google data centers around the world 
can be used to store their organization’s data. 

Cloud service providers such as Microsoft and Google deliver applications and operat- 
ing system updates directly to users’ devices over the Internet using a SaaS (software as a 
service) subscription model. Typically, users access cloud applications through a browser. 
In today’s workplace, employees access corporate data stored in the cloud on mobile 
devices, tablets, and laptops running Windows, Mac, iOS, Android, and other operating 
systems. Because apps and services are hosted in the cloud, employees can work wherever 
they are able to get online. 

A migration to the cloud enables employees to focus on the core tasks of their jobs 
rather than setting up and maintaining servers or installing software updates on their devices. 
Before the launch of cloud-based services, organizations had to undertake significant testing 
when upgrading an operating system. New major versions were typically released once every 
two or three years and contained many more changes, requiring significant testing to ensure 
ongoing compatibility with existing hardware and software resources. Although SaaS applica- 
tions such as Office 365 and G Suite change frequently—requiring organizations to develop 
strategies for evaluating and testing these updates prior to pushing them out to user’s com- 
puters and devices—the process for rolling out updates across the enterprise is much faster 
with cloud-based services. Cloud service providers provide software and operating systems 
updates as they become available, and analytics tools track when these upgrades take place. 

Moving resources that have been traditionally hosted and managed in-house to the 
cloud requires an organization to consider many factors, including network infrastructure, 
security, and training. Although information and applications may be hosted in the cloud, 
an organization’s technology infrastructure must still be robust enough to handle the 
additional traffic when the entire organization works online. Organizations must deter- 
mine whether data will be stored in the cloud only, or in a hybrid cloud configuration, 
with some data stored on premises and some data stored in the cloud. This also involved 
establishing security settings, including specifying which files and data can be accessed 
in-house and remotely, and by whom. 

Because data and the servers storing it are no longer on premises, enterprises must 
consider possible delays in performance, or latency, when using cloud applications over 
the Internet and accept and possible loss of control over managing a computing environ- 
ment virtually. In a recent survey, more than 80 percent of enterprises reported moderate 
to high levels of concern about being locked into a single public cloud platform. Some 
companies choose multiple cloud providers to keep their applications portable and switch 
between them as necessary; others choose to take advantage of specific features of a 
vendor’s platform to save development time.’ 
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e-discovery 
(electronic 
discovery): The 
process of identifying, 
collecting, and producing 
electronically stored 
information for use in 
legal cases. 


virtualization tools: 
A set of tools that allow 
users to access their 
desktop operating 
system hosted in the 
cloud on a centralized 
server—meaning users 
can interact with files 
and applications as if 
they were stored ona 
local device. 


Security of a company’s data is one of the biggest challenges when moving to the 
cloud. Many users believe their data is safer on their own servers, where they have more 
control over it. However, cloud providers must comply with strict regulations when storing 
sensitive information such as patient medical records or credit card numbers. In addition, 
BYOD (bring your own device) policies that permit, and in some cases encourage, the 
use of personal mobile devices at work require organizations to detail how employees 
can access corporate files and services securely on their own devices. If a user’s mobile 
device is lost or stolen, management tools can be used to wipe confidential data remotely 
from a user’s mobile device to keep company data secure. Finally, data stored on servers 
located in other countries are subject to local data privacy and security rules, which may 
be different from a company’s home country. 

Enterprise office cloud services also include capabilities to identify and provide elec- 
tronic information that can be used as evidence in legal cases. This process, known as 
e-discovery (electronic discovery), involves identifying, collecting, and producing infor- 
mation from archived email, files and documents in cloud storage, collaboration apps, 
and other cloud services. Electronic information often has metadata, such as time stamps, 
location data, sender and recipient information, and properties of files, which are not 
evident in printed materials, but may provide relevant evidence in legal matters. 

Virtualization tools allow users to access their desktop operating system hosted in 
the cloud on a centralized server—meaning users can interact with files and applications 
as if they were stored on a local device. This approach saves money because applications, 
data, and operating systems are stored in the cloud. Organizations no longer need to 
maintain physical servers, or facilities to house them, or spend on electricity to power and 
cool them. 

As of March 2018, cloud email services from Microsoft and Google had been adopted 
by more than 40 percent of public companies. Google’s popularity has increased among 
smaller businesses, while larger organizations tend to use Microsoft products and services. 
The 2018 Cloud Adoption report from BitGlass, a cloud security company, shows that 
Office 365 usage has increased from 34.3 to 56.3 percent in 2018, while G Suite usage has 
remained steady at about 25 percent since 2018. Gartner predicts that by 2021 more than 
70 percent of businesses will have completed a transition to providing cloud-based office 
services to their employees. 


As you read this chapter, consider the following: 


e What factors must organizations consider when implementing and deploying cloud 
computing solutions to support their business strategies and achieve organizational 
objectives? 

e What challenges and opportunities does the Internet of Things (IoT) present for 
individuals and organizations? 


Why Learn about Cloud Computing and the 
Internet of Things (loT)? 


Workers in many organizations operate in a cloud-computing environment in which software, data 
storage, and other services are accessed over the Internet (“the cloud”). The services are run on 
another organization’s computer hardware, and both software and data are easily accessed. Examples 
of public cloud service providers, which make their services available to the general public, include 
Amazon Elastic Compute Cloud (EC2), IBM’s Blue Cloud, DigitalOcean, Google Cloud Platform, 
Rackspace’s Managed Cloud, and Microsoft Azure. Public cloud users can realize a considerable 

cost savings because the very high initial hardware, application, and communications costs are paid 
for by the service provider and passed along to users as a relatively small monthly or per-use fee. 
Furthermore, companies can easily scale up or down the amount of services used, depending on 
user demand for services. Cloud computing also provides the benefit of making it easy for workers to 
collaborate by sharing documents on the Internet. 
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Cloud Computing 3 m 


cloud computing: A computing 
environment where software and 
storage are provided as an Internet 
service and are accessed with a Web 
browser. 


Cloud computing 

Cloud computing enables applica- 
tions such as file sharing, data stor- 
age and backup, media streaming, 
Web site hosting, information secu- 
rity, and communication services to 
be delivered via the Web. 


public cloud computing 
environment: A computing 
environment in which a service 
provider organization owns and 
manages the infrastructure (including 
computing, networking, storage 
devices, and support personnel) 

with cloud user organizations (called 
tenants) accessing slices of shared 
resources via the Internet. 


Cloud computing refers to a computing environment in which software and 
storage are provided as an Internet service and accessed by users with their 
Web browser (see Figure 8.1). Many organizations are turning to cloud comput- 
ing as an approach to outsource some or all their IT operations. This section 
defines cloud computing and its variations and points out some of its advan- 
tages as well as some potential issues, including problems associated with cost, 
scalability, security, and regulatory compliance. 


Cloud computing can be deployed in several different ways, including 
public cloud computing, private cloud computing, and hybrid cloud comput- 
ing. Public cloud computing refers to a deployment in which a cloud service 
provider offers its cloud-based services to the public. Examples of public cloud 
computing include an individual using Google Calendar and a corporation 
using the Salesforce.com application. In a private cloud deployment, cloud 
technology is used within the confines of a private network. Hybrid cloud 
computing combines elements of both public and private cloud computing, 
accessed through a private network. 


Public Cloud Computing 


In a public cloud computing environment, a service provider organization 
owns and manages the infrastructure (including computing, networking, stor- 
age devices, and support personnel) with cloud user organizations (called 
tenants) accessing slices of shared resources via the Internet. The service 
provider can deliver increasing amounts of computing, network, and stor- 
age capacity on demand, without requiring any capital investment on the 
part of the cloud users. Thus, public cloud computing is a great solution for 
organizations whose computing needs vary greatly depending on changes in 
demand. Amazon, Google, and Microsoft are among the largest public cloud 
computing service providers. These firms typically offer a monthly or annual 
subscription service model; they may also provide training, support, and data 
integration services. 
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infrastructure as a service 
(laaS): An information systems 
model in which an organization 
outsources the equipment used to 
support its data processing operations, 
including servers, storage devices, and 
networking components. 


platform as a service 

(PaaS): An information systems 
model in which users are provided 
with a computing platform, typically 
including operating system, 
programming language execution 
environment, database services, and 
Web server. 


Benefits of Public Cloud Computing 


Public cloud computing offers three key benefits to organizations—reduced 
costs, flexible computing capacity, and increased redundancy in the event 
of disaster. With public cloud computing, organizations avoid large, up-front 
investments in hardware. Public cloud computing can also lower the ongoing 
investment in the people and other resources required to manage that hard- 
ware. Organizations can request just the right type and capacity of information 
system resources from their cloud computing provider, pay for it on an ongoing 
basis, and let the service provider handle the system support and maintenance. 

Should an organization’s computing needs change, it can request its cloud 
computing service provider to deliver more or less capacity, with a corre- 
sponding increase or decrease in monthly charges. This avoids lengthy delays 
(possibly months) that can occur when an organization tries to acquire its 
own resources. Such flexibility can increase the speed and reduce the costs 
of new product and service launches. An organization can quickly acquire 
the increased computing capacity required to test a new product or service 
offering literally overnight. If the test proves successful, even more computing 
capacity can be requested to support the rollout of the new product or service. 
On the other hand, should the test prove unsuccessful, the organization can 
simply request the cloud computing service provider to turn off the additional 
capacity. 

Public cloud service providers operate multiple data centers distributed 
geographically. They also save multiple copies of tenants’ data on different 
machines. This redundancy ensures that the tenants’ information and the ser- 
vice provider’s processing power remain available with minimal interruption. 
Continuity of operations can be guaranteed even in the event a natural disaster 
strikes a certain region (e.g., a hurricane), a local hardware or software failure 
occurs at one of the data centers, or a software or hardware component needs 
to be updated or replaced. 

Seattle-based Zulily is an online retailer that sells clothing, toys, and home 
products. In 2018, the retailer moved several of its core business processes 
to Amazon’s public cloud service platform to enhance the online shopping 
experience of its more than six million active customers. Machine learning 
helps Zulily present customers with a customized experience, and data is at 
the center of the company’s operations. By moving several of its production 
databases to the cloud, Zulily gained higher fault tolerance and improved 
performance—both of which are critical to the company’s ongoing success. The 
company is also saving thousands of dollars per month through cloud comput- 
ing. In addition, the move to the cloud resulted in a 30-40 percent performance 
improvement for each request for data from the company’s online databases 
made through its Web site and mobile app.” 


Cloud Computing Services 


Public cloud computing can be divided into three main types of services (see 
Figure 8.2): 


e Infrastructure as a service (IaaS) is an information systems model in 
which an organization outsources the equipment used to support its 
data processing operations, including servers, storage devices, and net- 
working components. The service provider owns the equipment and is 
responsible for housing, running, and maintaining it. The outsourcing 
organization may pay on a per-use or monthly basis. 

e Platform as a service (PaaS) is an information systems model in which 
users are provided with a computing platform, typically including oper- 
ating system, programming language execution environment, database 
services, and a Web server. The user can create an application or service 
using tools and/or libraries from the provider. The user also controls 
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software as a service (SaaS): 
A software delivery approach that 
provides users with access to software 
remotely as a Web-based service. 
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software deployment and configuration settings. The PaaS provider 
provides the networks, servers, storage, and other services required to 
host the consumer’s application. PaaS enables application developers 

to develop, test, and run their software solutions on a cloud platform 
without the cost and complexity of buying and managing the underlying 
hardware and software. 

e Software as a service (SaaS) is a software delivery approach that pro- 
vides users with access to software remotely as a Web-based service. 
SaaS pricing is based on a monthly fee per user and typically results in 
lower costs than a licensed application. Another advantage of SaaS is that 
because the software is hosted remotely, users do not need to purchase 
and install additional hardware to provide increased capacity. Further- 
more, the service provider handles necessary software maintenance and 


upgrades. 
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The cloud computing environment 
Cloud computing can be divided into three main types of services: infrastructure as a service 
(laaS), platform as a service (PaaS), and software as a service (SaaS). 


Issues with Public Cloud Computing 


Although public cloud computing offers the benefits of reduced costs, flexible 
computing capacity, and increased redundancy in the event of disaster, com- 
panies contemplating moving to the cloud are advised to proceed carefully, 
as organizations frequently encounter major challenges during the transition. 
Common problems include complex pricing arrangements, wide variations in 
performance over time, inadequate data security, and vendor lock-in. 

Cloud computing arrangements can be lengthy and complex, and they are 
often subject to more than one interpretation. Organizations are advised to use 
experienced legal, purchasing, and IS resources to review and modify, where 
necessary, a cloud service provider’s standard contract. Failure to do so may 
result in unexpected costs that reduce the expected cost savings. 

Cloud service provider performance issues can result in wide variations in 
performance over time and greater than expected downtime for tenants. Ten- 
ants rely on the service provider to provide the valuable capability of quickly 
ramping up or down the amount of computing capacity made available to 
them. Failure to respond quickly to a capacity change request can greatly 
reduce the value of cloud computing. In addition, the service provider’s 
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private cloud computing 
environment: A single-tenant cloud. 


disaster recovery capabilities must be adequate to meet each tenant’s needs. 
A loss of capability for anything longer than a few minutes may be disas- 
trous to tenants who are running mission-critical applications in the cloud, 
and it may quickly impact their revenue-generation and customer service 
capabilities. 

Data security is another key concern when using a public cloud computing 
service because you are relying on someone else to safeguard your data, which 
may even reside on the same storage device as data from another organization 
(perhaps even a competitor). All these potential issues must be investigated 
fully before entering into a public cloud computing arrangement. Organiza- 
tions subject to complex regulatory requirements (e.g., financial, health care, 
and public utility organizations) must ensure that their own processes and 
applications—as well as those of the cloud provider—are compliant with those 
regulations. 

A major start-up issue that organizations should also consider is the amount 
of effort involved in moving to the cloud in the first place. This introduces the 
issue of vendor lock-in—meaning once an organization has gone through the 
effort required to transition its infrastructure and/or data to a public cloud pro- 
vider, it will likely be very reluctant to go through the time-consuming migra- 
tion process a second time, even if concerns arise with the vendor they are 
working with. Because of this, organizations must choose their cloud provider 
wisely, as it is a business relationship that the organization will likely need to 
live with for the foreseeable future. 


Private Cloud Computing 


A private cloud computing environment is a single-tenant cloud. Orga- 
nizations that implement a private cloud often do so because they are con- 
cerned that their data will not be secure in a public cloud. An organization 
might establish several private clouds with one for finance, another one for 
product development, and a third for sales, for example. Each private cloud 
has a defined set of available resources and users, with predefined quotas 
that limit how much capacity users of that cloud can consume. Private clouds 
can be divided into two distinct types. Some organizations build their own 
on-premise private cloud, and others elect to have a service provider build 
and manage their private cloud (sometimes called a virtual private cloud). 
When considering the total cost of ownership, which includes the IT platform, 
applications, and services, many organizations have found that a private cloud 
is comparable or less than the total cost of an on-premises environment, while 
also providing benefits, such as being able to work anywhere and on any 
device. Some companies have found that they can save over 70 percent on 
computing expenses over the course of five years by switching to the cloud.’ 
However, many complications must be overcome—and deep technical skills 
and sophisticated software are needed—to successfully build and manage a 
private cloud. 

Pfizer, a global leader in the pharmaceutical industry, wanted to address 
the way it handled computing needs at peak times. The company found a 
solution in Amazon’s VPC (Virtual Private Cloud), which was set up to enhance 
Pfizer’s high-performance computing systems and improve performance during 
peak demand.‘ The Amazon VPC offered Pfizer additional levels of security and 
an ability to integrate with the company’s existing technology infrastructure. 
Pfizer now uses the VPC to provide a secure environment in which to carry 
out complex research calculations. The VPC’s job scheduler function man- 
ages workload, and adds additional instances as needed to address demand. 
As a result, Pfizer avoided the need for some additional hardware and soft- 
ware investments, which freed up more money for investing in the company’s 
research and development activities.’ 
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hybrid cloud computing 
environment: A cloud computing 
environment is composed of both 
private and public clouds integrated 
through networking. 
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Hybrid Cloud Computing 


Many IT industry observers believe that the desire for both agility and security 
will eventually lead many organizations to adopt a hybrid cloud approach. A 
hybrid cloud computing environment is composed of both public and private 
clouds, integrated through a private network, as shown in Figure 8.3. 


Hybrid Cloud 


Public Cloud 


Cloud Service Providers 


Private Cloud 


On-Premise 


Amazon Web Services 
Google Cloud Platform 


Microsoft Azure 


FIGURE 8.3 


Hybrid Cloud Environment 

Source: https://www.google.com/search?q=diagram+of+hybrid+cloud&rlz= 1C 1SQJUL_enUS795US795&tbm= 
isch&source=iu&ictx= 1 &fir=gkwwFN7GWOY 22M%253A%252CgnWtMh4MoSaRbM%252C_&usg=Al4_-kSDF_ 
sKspA-ZIJQ8Lh699ApjtY lqw&sa=X&ved=2ahUKEwjzguSB26veAhXRz 1MKHRjyCkgQ9QEwAXoECAQQBg# 
imgrc=4O0QqHNyZ-p_t_M: 


Integrating data across applications, including data from different vendors, 
or located in different data centers is common in cloud computing environ- 
ments. Organizations typically use the public cloud to run applications with 
less sensitive security requirements and highly fluctuating capacity needs, 
but run more critical applications, such as those with significant compliance 
requirements, on the private portion of their hybrid cloud. So, a hospital may 
run its Web conferencing and email applications on a public cloud while run- 
ning its applications that access patient records on a private cloud to meet 
Health Insurance Portability and Accountability Act (HIPAA) and other com- 
pliance requirements. The network used with a hybrid cloud must provide 
a secure, reliable, low latency private connection between the user’s private 
and public cloud environments and any business location. Security is a critical 
responsibility that is shared between the network providers, the cloud provider, 
and the user. As computing and processing demands rise and fall, a hybrid 
environment allows businesses to scale their in-house computing infrastructure 
to the public cloud to handle any additional demand for resources. Data and 
applications can be shared between the two clouds, as organizations use the 
public cloud for basic tasks while keeping sensitive data and applications on 
premises behind a firewall. Companies pay only for the additional resources 
they use during peak times rather than having to purchase, configure, and 
maintain additional servers needed to handle temporary computing demands. 
Hybrid cloud computing provides flexibility, scalability, and cost efficiency with 
low security risks.° 
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autonomic computing: The 
ability of IT systems to manage 
themselves and adapt to changes in 
the computing environment, business 
policies, and operating objectives. 


Critical 
Thinking 
Exercise 


Public cloud, on-premise private cloud, virtual private cloud, and hybrid 
cloud are four major forms of cloud computing. According to Flexera’s 2019 
State of the Cloud Report, an estimated 84 percent of enterprises now use 
multicloud solutions, and enterprises with a hybrid strategy combining public 
and private clouds grew to 58 percent in 2019. An estimated 91 percent use 
public cloud, 72 percent use hosted private cloud, and 69 percent using at least 
one public and one private cloud. Fewer than 10 percent of large organizations 
employ just a single public cloud, and only about 4 percent employ a single 
private cloud.” 8 

When moving to a multicloud environment, organizations must consider 
the expected performance of its applications, security concerns, regulatory 
compliance, availability requirements, and total cost savings. 


Autonomic Computing 


An enabling technology for cloud computing is autonomic computing 
or the ability of IT systems to manage themselves and adapt to changes 
in the computing environment, business policies, and operating objectives. 
The goal of autonomic computing is to create complex systems that run 
themselves, while keeping the system’s complexity invisible to the end 
user. Autonomic computing addresses four key functions: self-configuring, 
self-healing, self-optimizing, and self-protecting. As cloud computing environ- 
ments become increasingly complex, the number of skilled people required 
to manage these environments also increases. Software and hardware that 
implement autonomic computing are needed to reduce the overall cost of 
operating and managing complex cloud computing environments. While this 
is an emerging area, software products such as Tivoli from IBM are partially 
filling the need. 


DoD Implements JEDI Solution 
æ APPLICATION 


The Department of Defense (DoD) is responsible for coordinating and super- 
vising all agencies and functions of the government concerned directly 
with national security and the U.S. Armed Forces. It has an annual budget of 
$716 billion and employs 287 million service employees and 732 thousand civilian 
employees.’ 

The DoD currently relies on a largely fragmented and on-premises computing 
and storage solution, with data centers and computing facilities located at hundreds 
of locations around the world. Tedious data and application management processes 
are required to add computing and storage capacity, forcing the DoD to forego new 
computing and storage capacity to meet the needs of new DoD programs or plod 
through a lengthy acquisition, rollout, and provisioning process. 

The DoD has proposed a 10-year, $10 billion Joint Enterprise Defense Infra- 
structure (JEDD program to move its computing and storage capacity to the cloud. 
The contract is designed to establish the cloud technology strategy for the mili- 
tary over the next 10 years as it begins to take capitalize on the latest innovation 
such as the Internet of Things (IoT), artificial intelligence, and big data. The JEDI 
project will account for 20 percent of the DOD’s spending on cloud services and 
infrastructure.’° 

The DoD would like a single cloud vendor to build out its enterprise cloud 
because it believes that is the best way to maintain focus and control of its cloud 
strategy. The DOD also believes that such an approach increases security, improves 
data accessibility, and simplifies the DoD’s ability to adopt and use cloud services. 
However, such an approach is counter to the approach of many large organizations 
around the world that are adopting multicloud solutions. 
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In 2019, the DoD’s move to the cloud became more complicated after Oracle 
filed a protest alleging that the bid review process unfairly favors Amazon because 
the DoD has an existing contract with Amazon Web Services (AWS) to provide 
classified cloud services and infrastructure, giving one vendor dominance in the 
government sector. Both the DoD and the U.S. Government Accountability Office 
have rejected this argument.” 


Review Questions 


1. What benefits are the DoD likely to achieve from moving from a fragmented 
and on-premises computing and storage solution to a cloud-based computing 
environment? 

2. What are some of the issues that the DoD faces in making this move to the cloud? 


Critical Thinking Questions 


1. What are the pros and cons of adopting a single cloud vendor solution as com- 
pared with engaging multiple cloud providers to meet the needs of the DoD? 
2. Research recent developments in the DoD JEDI project. What lessons can organi- 
zations learn from the DoD JEDI project when selecting cloud service providers? 


The Internet of Things (loT) 3 a 


The Internet of Things 

The loT is a network of physical 
objects or “things” embedded with 
sensors, processors, software, and 
network connectivity capability to 
enable them to exchange data with 
the manufacturer of the device, 
device operators, and other con- 
nected devices. 


The Internet of Things (IoT) is a network of physical objects or “things” embed- 
ded with sensors, processors, software, and network connectivity capability 
to enable them to exchange data with the manufacturer of the device, device 
operators, and other connected devices (see Figure 8.4). 
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A sensor is a device that is capable of sensing something about its sur- 
roundings, such as pressure, temperature, humidity, pH level, motion, vibration, 
or level of light. The sensor detects an event, such as a change in tempera- 
ture or humidity, and produces a corresponding output, usually an electrical 
or optical signal. Sensors are being installed in a variety of machines and 
products, ranging from home appliances and parking garages to clothing and 
grocery products. To be truly part of the IoT, these networked devices need IP 
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FIGURE 8.5 


Estimated number of 
devices connected to the loT 
worldwide 


Source: “Internet of Things (loT) connected 
devices installed base worldwide from 2015 
to 2025 (in billions), Statistica, https://www 
.Statista.com/statistics/47 1264/iot- 
number-of-connected-devices-worldwide/, 
accessed October 26, 2018. 


smart city: Cities that make use 

of data from sensors combined 

with artificial intelligence to improve 
infrastructure and efficiently manage 
traffic lights, power plants, water 
supplies, networks, energy usage, and 
other resources. 


addresses and a connection to the public Internet, which allows the data to be 
transmitted to an operational historical database containing data from many 
sensors. The database may be on a data storage device in a local control room, 
in an enterprise data center in another state, or hundreds of miles away in the 
cloud. The operational data can be accessed via the Internet and analyzed by 
users with personal computers or mobile devices. Updates, alerts, or even auto- 
matic adjustments may be sent to the devices on the IoT based on this analysis. 
The IoT takes automation to a deep, broad level—one where interconnectivity 
between various devices exists in a way it never did before. 

The number of connected devices worldwide is expected to continue to 
increase, as shown in Figure 8.5. 


80 


75.44 


70 


60 


50 


40 


30 


Billions of Devices 


20 


2018 2019 2020 2021 2022 2023 2024 2025 
Year 


Examples of loT 


IoT technology is finding its way into automated homes, wearable devices, 
smart cities, and autonomous vehicles, as described in the following paragraphs: 


e Home automation. Smart homes are becoming more popular as the 
enabling technologies have become more affordable and easier to config- 
ure. Smart speakers, such as Google Home and Amazon Alexa, connect to 
the Internet and respond to your voice commands to perform functions 
such as reviewing calendar appointments, performing search queries, 
streaming music, and turning on or off lights connected to smart outlets. 
Networked home automation also enables users to adjust the thermostat, 
monitor a home security system, turn on or off a television or other appli- 
ances, and adjust windows or blinds using apps on their smartphones. 

e Wearable devices. Wearable devices include sensors that can collect 
information such as your location and vital signs. Smartwatches track 
your location and allow you to check email, read text messages, and 
make phone calls. Fitness trackers, such as Fitbit, can track your heart 
rate and communicate that data to your mobile device for biofeedback 
therapy and exercise monitoring. Medical services providers, including 
hospitals, insurance companies, and medical device companies, often 
have access to this data, making accuracy and privacy important consid- 
erations for users of wearable devices. 

e Smart cities. The IoT is also influencing city planning. A smart city uses 
data from sensors combined with artificial intelligence to improve its infra- 
structure and efficiently manage traffic lights, power plants, water supplies, 
networks, energy usage, and other resources. Automation systems monitor 
and improve lighting and air conditioning in office buildings, and these 
enhancements can increase workplace productivity. Smart transportation 
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systems monitor traffic patterns and provide up-to-the-minute information 
to drivers, making it easier to navigate the city. Smart garbage dumpsters 
placed on city streets are equipped with sensors that send a notification 
to the city’s public works department when they are full, streamlining 
operations and saving labor and vehicle wear, as bins need only be emptied 
when they are full. Barcelona, Spain, was named the first “Smart City” 
in Europe because of its efficient public transportation, use of data to 
monitor traffic and parking patterns, and innovative use of solar energy. 

e Autonomous vehicles. Smart cars have sensors that capture data such 
as vehicle location and gas mileage, and report this information back to 
their owner’s mobile device or a service provider. Other sensors monitor 
objects in the car’s blind spots and at the front and rear of the car to aid 
in driving or parking. Self-driving vehicles rely on maps, traffic infor- 
mation, and weather data stored in the cloud along with cameras and 
sensors that collect data that the vehicle’s systems can quickly analyze to 
determine when it should speed up, slow down, change lanes, or turn. 
Tesla and Google have been pioneers in developing autonomous vehicles. 


Enabling Connectivity with 5G 


Advances in 5G technology are changing the way consumers and large enter- 
prises use the IoT. 5G (5 generation) is the latest generation of mobile com- 
munications, featuring high data transfer speeds over high frequencies with 
minimal latency (delays in response time) and requiring low energy. 5G uses 
millimeter wave, a higher frequency band of the wireless spectrum, which 
allows data to be transferred at faster rates than the lower frequency bands 
used by 4G networks. However, because millimeter wave signals do not travel 
as far as 4G signals, carriers must place 5G antennas closer together than was 
required for prior generations of wireless networks. 

5G enables many devices to transmit data quickly to the cloud where it can 
be stored or analyzed, and the technology will make possible new services that 
can transform industries such as performing remote surgery, streaming high 
definition movies, operating drones to deliver medical supplies, and conduct- 
ing security and surveillance operations.” Self-driving cars will rely on 5G for 
their sensors, which interact with other cars on the road and process traffic and 
mapping information in real time. Smartphones operating on 5G networks will 
support enhanced immersive experiences with augmented and virtual reality. 

Major mobile carriers in the United States are investing billions of dollars 
to upgrade their networks to be able to support 5G connectivity. Controlled 
rollouts began in major cities in 2019, and availability is expected to quickly 
increase in subsequent years." 

Table 8.1 provides some historical background showing the developments 
in networking technology leading up to 5G networks. 


TABLE 8.1 Developments leading up to 5G networking capabilities 


Year 
Generation introduced 
1G 1986 
2G 1991 
3G 2001 
4G / LTE 2011 
5G 2020 


Capabilities Speed 
Analog voice calls on mobile phones 2.4 kb/sec 
Digital voice, text messaging 64 kb/sec 
Mobile data, Internet connectivity 2 mb/sec 
Enhanced speeds capable of broadband video streaming 100 mb/sec 
Fast data transfer, with minimal latency and ability to connect 1-10 Gbps 


many IoT devices 
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Business Benefits of loT 


Application of the IoT can bring four key benefits to an organization: 


1. 


Reduce costs to achieve a competitive advantage. Manufacturers can 
use IoT devices to monitor production equipment and minimize down- 
time by predicting failures and scheduling necessary preventative main- 
tenance. IoT-enabled sensors on equipment, such as a conveyor line, can 
alert plant floor personnel to problems in real time. The data can also be 
analyzed to uncover patterns that allow technicians to predict potential 
failures or redeploy resources in a more optimal fashion. Organizations 
can also reduce energy costs by using IoT and smart building systems to 
monitor and control unnecessary usage of electrical systems. IoT devices 
can help manufacturers sectors accurately assess demand and efficiently 
manage various stages of production through real-time tracking of parts 
and raw materials. 

Deepen the organization’s understanding of consumer preferences and 
behaviors. The key to the success of any business, especially in the con- 
sumer goods and retail sector, is understanding customer preferences and 
behavior. IoT devices can collect, monitor, and analyze data from video 
surveillance, social media, mobile, and Internet usage. With this data, mar- 
keting analysts can predict preferences and forecast trends so that the busi- 
ness can design products and offer personalized value-added services for 
better customer engagement, with the goal of retaining target consumers 
and fostering brand loyalty. 

Improve customer service and experience. Superior customer service 
is a key factor in ensuring the success of any service. Mobile card readers 
that can connect to smartphones to process transactions and smart track- 
ers that enable consumers to keep track of their shipped products can 
improve customer experience and overall satisfaction. For example, IoT 
sensors are used extensively in the utilities industry to capture operational 
data to achieve 24/7 uptime. Sensor data is carefully analyzed to predict 
when critical pieces of equipment or power lines are about to fail so that 
quick, anticipatory corrective action can take place before any failure. 
Improve workplace safety. IoT devices can help employers ensure worker 
safety and enhance overall workplace security. With sensors embedded in 
safety helmets and wristbands, workers in high-risk environments such 
as mining, heavy industries, and construction can be continuously mon- 
itored to guard against potential injuries and exhaustion. Organizations 
can employ video surveillance cameras and smart locks to monitor office 
premises and ensure the protection of important assets. 


Types of loT Applications 


IoT applications can be classified into one of four types, as shown in Table 8.2. 


Consider the following examples of the four basic types of IoT applications: 


Connect and monitor. Food and drug manufacturers can monitor ship- 
ping containers for changes in temperatures that could affect product 
quality and safety using inexpensive battery-powered sensors and 4G 
LTE or 5G connectivity. 

Control and react. Retailers use sensors to detect the in-store behav- 

ior of customers, allowing them to optimize the shopping experience 

to increase revenue and market share. Streaming data from sensors is 
analyzed along with other information, including inventory data, social 
media chatter, and online-shop user profiles, to send customized offers 
to shoppers while they are in the process of making a purchase decision. 
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TABLE 8.2 Types of loT applications 


Type of IoT application Degree of sensing Degree of action 

Connect and monitor Individual devices each gather a Enables manual monitoring using simple 
small amount of data threshold-based exception alerting 

Control and react Individual devices each gather a Automatic monitoring combined with remote 
small amount of data control with trend analysis and reporting 

Predict and adapt External data is used to augment Data used to perform predictive analysis and 
sensor data initiate preemptive action 

Transform and explore Sensor data combined with external New business models, products, and services are 
data is used to provide new insights created 


e Predict and adapt. Compology is a company that provides dumpster- 
monitoring software for waste haulers to streamline their operations and 
improve customer service. The software is powered by camera-based 
sensors and GPS devices that track garbage container fullness, location, 
and motion. Drivers are equipped with tablets with customized apps that 
provide real-time data on trash containers in need of service, as well as the 
fastest routes to do it.” 

e Transform and explore. Enlightened organizations apply analytics to 
the streams of data gathered by IoT devices—even before the data is 
stored for post-event analysis. This enables workers to detect patterns 
and potential problems as they are occurring and to make appropriate 
adjustments in the operation of the devices being measured. For exam- 
ple, sensors embedded in General Electric (GE) aircraft engines collect 
some 5,000 individual data points per second. This data is analyzed while 
the aircraft is in flight to adjust the way the aircraft performs, thereby 
reducing fuel consumption. The data is also used to plan predictive main- 
tenance on the engines based on engine component wear and tear. This 
technology helped GE earn $1 billion in incremental income by deliver- 
ing performance improvements, less downtime, and more flying miles.'° 


Potential Issues with loT Applications 


Unfortunately, there can be many issues with the receipt and usability of sensor 
data. Sometimes a faulty sensor or bad network connection results in miss- 
ing data or sensor data that lacks a time stamp indicating when the reading 
occurred. As a result, sensor data can be incomplete or contain inconsistent 
values, indicating a potential sensor failure or a drop in a network. Developers 
of IoT systems must be prepared for and be able to detect faulty sensor data. 

Security is a very major issue with IoT applications. In today’s manufac- 
turing environment, the factory network is a closed environment designed to 
communicate with plant sensors and devices but not typically with the outside 
world. So, there is a key decision that organizations must make when con- 
sidering implementation of an IoT: Are the benefits of doing so sufficient to 
overcome the risk of making detailed company information accessible through 
the Internet and exposing internal systems to hacking, viruses, and destructive 
malware? Hackers who gain access to an organization’s IoT can steal data, 
transfer money out of accounts, and shut down Web sites. They can also wreck 
physical havoc by tampering with critical infrastructure such as air traffic con- 
trol systems, health care devices, power grids, and supervisory control and 
data acquisition (SCADA) systems. One of the first things developers of IoT 
application should focus on is building in security from the start. This needs 
to include ways of updating the system in a secure manner. 
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Critical Manufacturer Weighs Converting to Internet of Things (loT) 


Thinking Æ REFLECTIVE THINKING 
Exercise 


Traditionally, car insurance premiums are set based on the type of vehicle and the 
demographics of the driver. As a result, young drivers are charged much higher 
premiums. Several auto insurance companies are now employing low-cost in-car 
sensors with the ability to provide real-time data and advancements in mathemat- 
ical modeling techniques to improve their risk assessment models. The sensors 
can record immense amounts of data related to the vehicle and driver. Insurers 
and underwriters can use this data to judge risk based on a much more individual 
basis than ever before. 

Your insurance company has offered you the option of installing a small 
telematics device into your car’s diagnostics port. This device records data such as 
the vehicle’s speed, distance traveled, time of day, and the rate of acceleration and 
braking. By analyzing this data, the insurer can determine the driver’s style and 
adjust the premium as necessary. While no guarantee was made, your agent says 
that there is potential that your premium could be reduced. 


Review Questions 


1. Which of the four types of IoT application does this device represent? 
2. What security concerns might using this device raise? 


Critical Thinking Questions 

1. What additional benefits might be gained from use of this device? 

2. If you had access to a telematics device, would you use it in your car in 
exchange for potentially smaller insurance premiums? How does using this 
device impact your privacy? 


Principle: 


Cloud computing provides access to state-of-the-art technology at a frac- 
tion of the cost of ownership and without the lengthy delays that can 
occur when an organization tries to acquire its own resources. 

Cloud computing refers to a computing environment in which software 
and storage are provided as an Internet service and can be accessed by users 
with their Web browser. Computing activities are increasingly being delivered 
over the Internet rather than from software installed on PCs. 

Cloud computing offers three key benefits—reduced costs, flexible com- 
puting capacity, and increased redundancy in case of a disaster. 

A cloud service provider can deliver increasing amounts of computing, 
network, and storage capacity on demand, without requiring any capital 
investment on the part of the cloud users. Cloud computing can also lower the 
ongoing investment in people and other resources required to manage 
the hardware. Cloud service providers operate multiple data centers spread 
out geographically, and they save multiple copies of tenants’ data on different 
machines. 

Cloud computing can be deployed in several different ways, including 
public cloud computing, private cloud computing, and hybrid cloud computing. 

In a public cloud computing environment, a service provider organization 
owns and manages the infrastructure (including computing network, storage 
devices, and support personnel) with cloud user organizations (called ten- 
ants) accessing slices of shared resources via the Internet. In a private cloud 
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deployment, cloud technology is used within the confines of a private network. 
Organizations that implement a private cloud often do so because they are 
concerned that their data will not be secure in a public cloud. 

A hybrid cloud is composed of both private and public clouds integrated 
through networking. Organizations typically use the public cloud to run appli- 
cations with less sensitive security requirements and highly fluctuating capacity 
needs, while running more critical applications, such as those with significant 
compliance requirements, on the private portion of their hybrid cloud. 

Most organizations implement a multicloud strategy to balance high applica- 
tion performance, security concerns, regulatory compliance, availability require- 
ments, and total costs. Autonomic computing is an enabling technology for cloud 
computing that enables systems to manage themselves and adapt to changes in 
the computing environment, business policies, and operating objectives. 

Cloud computing can be divided into three main types of services: infra- 
structure as a service (IaaS), software as a service (SaaS), and platform as a 
service (PaaS). 

Organizations contemplating moving to the cloud are advised to proceed 
carefully, as almost one in three organizations encounter major challenges 
as they transition to the cloud. Common problems include complex pricing 
arrangements and hidden costs that reduce expected cost savings, issues that 
cause wide variations in performance over time, inadequate data security, poor 
user support, and greater than expected downtime. 


Principle: 


Organizations are using the Internet of Things (IoT) to capture and ana- 
lyze streams of sensor data to detect patterns and anomalies—not after 
the fact, but while they are occurring—in order to have a considerable 
impact on the event outcome. 

The Internet of Things (oT) is a network of physical objects or “things” 
embedded with sensors, processors, software, and network connectivity capa- 
bility to enable them to exchange data with the manufacturer of the device, 
device operators, and other connected devices. 

Organizations that have implemented IoT solutions have found four key ben- 
efits: reduced costs, a deeper understanding of consumer preferences and behav- 
iors, improved customer service and experiences, and improved workplace safety. 

As 5G networks continue to evolve, they will enable fast data transfer 
and increased ability to connect many IoT devices that have the potential to 
transform industries through new services that previously were not possible. 

IoT application types include connect and monitor and control and react, 
where individual devices each gather a small amount of data; predict and 
adapt, where external data augments sensor data; and transform and explore, 
where sensor data combined with external data is used to provide new insights, 
enabling the creation of new business models, products, and services. 


5G (5" generation) 
autonomic computing 
cloud computing 


e-discovery (electronic discovery) 


platform as a service (PaaS) 
private cloud computing environment 
public cloud computing environment 


smart city 


hybrid cloud computing environment software as a service (SaaS) 


infrastructure as a service (laas) 


virtualization tools 
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Self-Assessment Test 


Cloud computing provides access to state-of-the-art 
technology at a fraction of the cost of ownership 
and without the lengthy delays that can occur when 
an organization tries to acquire its own resources. 


1. 


Three commonly used approaches to cloud 

computing are public cloud computing, private 

cloud computing, and cloud 

computing. 

Public cloud computing offers three key benefits 

to organizations including : 

a. reduced costs, increased data privacy and 
security, and vendor lock-in 

b. flexible computing capacity, freedom from 
performance issues, and increased redun- 
dancy in the event of disaster 

c. freedom from performance issues, reduced 
costs, and vendor lock-in 

d. increased redundancy in the event of disas- 
ter, reduced costs, and flexible computing 
capacity 

Common issues encountered when moving to 

public cloud computing include complex pricing 

arrangements, performance issues, inadequate 

data security, and 


4. A private cloud computing environment can 
provide more data security than a public cloud 
computing environment. True or False? 


Organizations are using the Internet of Things (IoT) 
to capture and analyze streams of sensor data to 
detect patterns and anomalies—not after the fact, 
but while they are occurring—in order to have a 
considerable impact on the event outcome. 


5. Network connectivity is not required for objects 
with sensors to exchange data with other con- 
nected devices. True or False? 

6. A faulty sensor or a bad network connection can 
result in or IoT sensor data that 
lacks a time stamp indicating when the reading 
occurred or. 

7. One of the first things developers of IoT 
applications should focus on is building in 

from the start. 

redundancy and backup 

cost controls 

security 

disaster recovery 


aor. 


Self-Assessment Test Answers 


Saeko 


hybrid 

d 

vendor lock-in 
True 


5. False 
6. missing data 
Ts © 


Review and Discussion Questions 


1. 


2. 


3. 


What is cloud computing? Identify three 
approaches to deploying cloud computing. 
Cloud-based office solutions, including pro- 
ductivity, collaboration, and communication 
tools, have been widely used since they were 
first introduced to consumers. Identify sev- 
eral factors that organizations must consider 
when implementing these tools across the 
enterprise. 

What is autonomic computing, and how does it 
benefit cloud computing? What is the Internet of 
Things (IoT), and how is it used? 


4. Identify some of the issues and concerns associ- 
ated with connecting devices to the Internet of 
Things (oT). 

5. Identify and briefly discuss four problems fre- 
quently encountered by organizations moving to 
the cloud. 

6. Identify several benefits companies can experi- 
ence when moving to the cloud. 

7. Identify the four types of IoT applications and 
give an example of each. 

8. Summarize and discuss the pros and cons of 
different cloud computing models. 
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Business-Driven Decision-Making Exercises 


1. You work for a mid-sized law firm, and your 
boss has asked you to research Amazon Web 
Services (AWS), Google Compute Engine, and 
Windows Azure cloud computing services. Write 
a paragraph summarizing each service. Prepare a 
spreadsheet to compare the three services based 
on ease of use, cost, and other key criteria of your 
choosing. Based on your findings, which service 
provider would you recommend for your firm? 


2. You have been hired to develop a plan for 
improving traffic flow, waste management, 
security, and other municipal services in a 
large urban area. Describe the approaches, 
IoT technologies, or networking solutions you 
might propose to create a “smart city” that will 
allow government entities to use the data that 
is collected to make better, more informed 
decisions. 


Teamwork and Collaboration Activities 


1. Form a team to identify IoT sensors in high 
demand in the medical device/pharma/bio-med 
industry. How are these sensors being used? 
What companies manufacture them? What do 
they cost if purchased in large quantities? Write a 
summary of your team’s findings. 

2. Form a team to plan a visit to a city that has 
been designated as a smart city. Each team mem- 
ber should research one initiative that the city 
has taken in areas such as sustainability, public 
safety, transportation, and other factors influ- 
enced by IoT developments. Prepare a digital 
presentation using a cloud-based tool such as 


Pinterest, PowerPoint Online, or Google Slides to 
share your findings with your team. 

3. You are the Chief Information Officer for a 
startup “FinTech” (financial services/technology) 
company that currently has 12 employees and 
expects to grow to 50 employees by the end of 
the year. Form a team to research and recom- 
mend a cloud-based office service such as Office 
365 or G Suite for the company. Prepare your 
report with your team using a cloud-based tool, 
such as Google Docs or Word Online, and if you 
have access to G Suite or Microsoft Teams, use 
one of these tools to facilitate your collaboration. 


Career Exercises 


1. You are working for a small real estate firm that 
is considering a migration from an on-premise 
technology infrastructure to one hosted in the 
cloud. What benefits might you identify when a 
real estate company moves to the cloud? Which 
cloud technologies and platforms might you 
research? What information might you want to 
know before recommending whether a public, 
hybrid, or private cloud architecture is appro- 
priate? What trainings, certifications, or prior 
work experiences might you seek if you need 


additional training to guide the company’s move 
to the cloud? 

2. TechWatch is an IoT company creating new 
consumer solutions for home automation and 
wearable devices. Write job descriptions for an 
entry-level position as well as a more senior 
position that the company might post on 
monster.com or another job-listing Web site to 
recruit candidates. Describe the job responsi- 
bilities, experience and education required, and 
possible salary ranges in your area. 


æ GLOBAL 


Coca-Cola Benefits from IoT 

The Coca-Cola Company leads a worldwide franchise 
system built on the foundation of local bottlers. Its many 
flavors of Coke—plus Fanta, Powerade, Dr. Pepper, and 
Sprite—are worldwide favorites. Collectively, Coca-Cola has 
more than 100,000 employees in the United States, nearly 
70 independent Coca-Cola bottlers across the United States, 


and another 225 bottling partners worldwide. Coca-Cola 

manufactures and sells concentrates, beverage bases, 

and syrups to the bottlers. It also owns the brands and is 

responsible for consumer brand marketing initiatives. 
Coca-Cola bottling partners work closely with local 

businesses, including amusement parks, convenience stores, 

grocery stores, movies, restaurants, and street vendors, to 
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execute localized strategies developed in partnership with 
Coca-Cola. These outlets sell Coca-Cola brand soft drinks 

to consumers at a rate of more than 1.9 billion servings a 
day. This approach has enabled Coca-Cola to create a global 
reach with a local focus. 

In recent years, Coca-Cola has been developing intelli- 
gent IoT-connected coolers that provide data that the com- 
pany hopes will improve productivity and boost sales at local 
outlets. These refrigerator units, which vend and dispense 
Coca-Cola products, establish secure network connections to 
a cloud-based IoT platform over which the data can be pro- 
cessed and analyzed. The coolers, which Coca-Cola first tested 
in Bulgaria in 2015, are currently being tested in smaller retail 
chains in Chicago and Dallas, and they are expected to pro- 
vide the company, bottlers, and retailers several benefits. 

An IoT-connected cooler captures and reports data 
such as product temperature, compressor cycles, and 
power consumption that can be used to trigger preventa- 
tive maintenance and avoid cooler outages. For example, 
retailers can identify a compressor that is running continu- 
ously and work to quickly resolve the issue. Data from the 
IoT-enabled coolers will also identify the busiest locations 
and most popular drinks, helping retailers to accurately set 
inventory levels and calculate machine profitability. Cam- 
eras and sensors can monitor cooler door openings and 
product movement to optimize sales. For example, retailers 
may discover that two large single-door coolers had less 
combined activity than one small single-door cooler. Con- 
nected coolers will also allow retailers to detect changes in 
shopper patterns that can be linked to daily sales figures, 
promotions, and changes in cooler location or temperature. 

The Coca-Cola Company has partnered with technology 
firms AirWatch, SAP, and Salesforce to pilot the use of these 
coolers in select markets. Coca-Cola is purposefully starting 
slowly, rolling out parts of the program, including training 
sales teams, to ensure it gets the right data flowing before 
expanding more broadly. Pilot success will be determined 
by the ability of the connected coolers to help with preemp- 
tive equipment maintenance, stock optimization, and per- 
sonalized customer communication. 

Coca-Cola Hellenic Bottling Company (Coca-Cola HBC) 
is one of the world’s largest bottlers for The Coca-Cola Com- 
pany. It has operations in Russia, Nigeria, and 26 countries 
in Europe, serving roughly 595 million consumers. Coca- 
Cola HBC is taking a much more aggressive approach to 
rolling out connected coolers by partnering with Atos Codex 


(a European IT services company), eBest IoT, and Microsoft. 
By the end of 2018, Coca-Cola HBC had deployed more 
than 300,000 refrigeration units. By adding IoT sensors and 
cameras to coolers, artificial intelligence software can pro- 
cess the data received from the sensors and cameras in real 
time and then recommend processes to streamline stocking, 
identify failing coolers, improve asset optimization, and pre- 
dict inventory levels. Coca-Cola HBC’s sales increased by 10 
percent as a result of the pilot project. 

Smart coolers also enable proximity interaction with the 
use of mobile apps, enabling Coca-Cola HBC to engage with 
customers in real time, such as offering customized offers 
and near-me promotions. In the long term, Atos predicts, 
the technology will connect Coca-Cola HBC’s entire fleet of 
1.6 million coolers. 


Critical Thinking Questions 


1. How might The Coca-Cola Company and/or its bottlers 
use connected coolers to engage with customers in real 
time? What advantages might this capability provide? 

2. The many Coca-Cola bottlers worldwide may employ 
different technology partners and different technology 
solutions to implement the connected coolers. They 
are likely to rollout the technology over different time- 
frames. Will this lack of standardization hinder the 
success of this initiative? 

3. Is there a need to share the data collected from the 
various bottlers? What issues might arise in attempting 
to share this data? 
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CHAPTER F-Commerce 


Principles Learning Objectives 


e Organizations must define e Describe the underlying concepts of e-commerce. 
and execute an effective 
strategy to be successful in 
e-commerce. 


e Outline a multistage purchasing model that describes how e-commerce 
works. 


Outline the key components of a successful e-commerce business 
strategy. 


E-commerce is evolving, Discuss common types of e-commerce applications. 
providing new ways of 

conducting business that 

present both potential benefits 

and potential problems. 


E-commerce can be used Discuss key features of electronic payment systems needed to support 
in many innovative ways to e-commerce. 

improve the operations of an 

organization. 


E-commerce requires the Identify the key components of technology infrastructure that must be in 
careful planning and inte- place for e-commerce to work. 

gration of many technology 

infrastructure components. 
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IS in Action 


E-Commerce is on Your Campus Now 


ANALYTICAL THINKING, APPLICATION 


So many university students have reached a level of technological agility that universities 
may find it difficult to develop information systems that meet their expectations. Many 
would agree that today’s students have lived with smartphones and the Web their entire 
life, and they may have a better understanding of the role of technology in society and 
business than the older generations that are creating the current e-commerce applications. 
Universities are organizations and understand that students are the consumers of their 
products—not only academics but also food service, housing, textbooks, school apparel, 
and a host of other products/services. 

We will focus on one school for its e-commerce solution to selling school apparel and 
then focus on a small group of schools that are addressing food delivery to their students. 
The University of Oregon has students, alumni, and friends that strongly support their 
athletic teams. When they reached the NCAA Tournament Sweet Sixteen in March 2017 
the demand for T-shirts, sweat shirts, and other memorabilia surged. The Duck Store— 
formerly the University of Oregon Bookstore—has 11 locations across Oregon as well as 
online sales. The online sales are one facet of the total sales effort that ties into the same 
enterprise resource planning system, point-of-sale-system, inventory system, and marketing 
system used for all sales. 

Online sales are subject to intense and sudden surges in activity, such as the Oregon 
win over Kansas that propelled the Ducks into the Final Four of the tournament. Order 
volume rose 350 percent for the Duck Store during this period compared to orders for the 
same time period the year before. Web page views rose 127 percent. How does an online 
system for a bookstore handle such large, sudden increases in activity? By planning ahead. 

In 2014, The Duck Store migrated to Oracle’s NetSuite as an e-commerce provider that 
integrates online sales with all other sales channels. This let The Duck Shop migrate from 
a collection of older legacy systems that often did not digitally communicate with each 
other. The integration allows for rapid response to online sales, such as pulling inventory 
from physical retail stores to meet the sudden surge of sales online. Sales that would have 
been backordered if online sales were a standalone system. 

Student purchases of T-shirts swell as their teams win, but meals are purchased every 
day. Students bring the same expectations of food service choices to their university as they 
had before arriving at college. They expect an app that takes their order, and they expect 
the order to be delivered. The trend to have major food chains on campus is ancient his- 
tory. Pre-ordering food for pick-up has improved the experience at campus dining outlets 
but has not really changed the process of ordering a meal. The kiosk has moved from the 
entryway of the outlet to your phone. 

Instead of “going to” a place for a meal, the process is now trending towards “bringing 
a meal” fo the student. This e-commerce is smartphone driven, where the app and payment 
systems are loaded to the student’s phone, and a meal delivered to the student is only a 
few clicks away. But is it? 

Universities are more security conscious now than they were even five years ago. 
Getting a meal delivered to a dorm frequently meant having the student meet the delivery 
person in the dorm lobby. But not at Boston University. Stoovy Snacks is a school-sanctioned 
startup that uses Boston University students to deliver food in the dorms. Because the 
delivery students have BU student IDs, they can deliver right to the dorm room door. The 
service currently delivers only evening meals from 5 pm until midnight. Boston University 
benchmark their operations against local restaurants, not other universities. 

Emory University in Atlanta focuses on delivering orders from dining halls to students. The 
app was used for only a couple of hundred mobile orders per day during its first year, but its 
use is expected to quickly increase this year. As revenues for universities decline, it is import- 
ant that profits from food services stay on campus instead of flowing to local restaurants. 
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The University of Massachusetts, Amherst, uses the ordering technology to manage food 
preparation by their kitchen staff. Better management of kitchen staff turns into higher profits. 

Convenience in the selection and delivery of meals has been the major emphasis so 
far, but there is a new concern on the horizon. Vegan, locally sourced, international foods, 
holiday meals, and sustainable food sources are only a few of the new concerns driving 
students’ meal choices today. Meals to students are largely driven by student demand, and 
students want to use their phone for interacting with food service. All of this and more 
will soon be an app on your phone. 


As you read about e-commerce in this chapter consider the questions below: 


e Some e-commerce focuses not only on a known set of products but also on an 
unknown amount of demand for those products. How does e-commerce impact the 
processes within the organization to effectively deal with uncertain levels of demand? 

e Some e-commerce is shaped by the changing demands of consumers of the online 
products. How do organizations become agile and restructure their e-commerce to 
quickly adapt to changing customer demands? 


As you read this chapter, consider the following: 


e What are the advantages of e-commerce? 

e How do innovations in technology and infrastructure affect regions across the globe? 

e How do you build e-commerce that accounts for the availability and cost of technol- 
ogy across developed markets, developing markets, and under-developed markets? 


Why Learn About E-commerce? 


Over the last several decades, e-commerce has transformed many areas of our lives and careers. One 
fundamental change has been the manner in which organizations interact with their suppliers, customers, 
government agencies, and other business partners. As a result, most organizations today have set up 
business on the Internet. To be successful, all members of the organization need to plan and participate in 
that effort. As a sales or marketing manager, you will be expected to help define your firm’s e-commerce 
business model. As a customer service employee, you can expect to participate in the development and 
operation of your firm’s Web site. As a human resource or public relations manager, you will likely be 
asked to provide Web site content for use by potential employees and shareholders. As an analyst in 
finance, you will need to know how to measure the business impact of your firm’s Web operations and 
how to compare that to competitors’ efforts. Clearly, as an employee in today’s organization, you must 
understand what the potential role of e-commerce is, how to capitalize on its many opportunities, and 
how to avoid its pitfalls. Many customers, potential employees, and shareholders will be accessing your 
firm’s Web site via desktops, smartphones, tablets, and laptops. This chapter begins by providing a brief 
overview of the dynamic world of e-commerce. 


An Introduction to E-Commerce I A 


E-commerce involves conducting business activities (e.g., distribution, buying, 
selling, marketing, and servicing of products or services) electronically over 
computer networks. Some people think of the network as roads that connect 
the Web sites together, while the Web sites are collections of content located 
along that network of roads. E-commerce includes any business transaction 
executed electronically between companies (business-to-business), companies 
and consumers (business-to-consumer), consumers and other consumers 
(consumer-to-consumer), public sector and business (government-to-business), 
the public sector to citizens (government-to-citizen), and public sector to public 
sector (government-to-government). 
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Business activities that have proven to be strong candidates for conver- 
sion to e-commerce include ones that were paper based, time consuming, and 
inconvenient for customers. Since the mid-2000s, customers have also devel- 
oped a huge appetite for digital commerce, which refers to e-commerce that 
involves a digital transmission—such as a film, a TV episode, music, an e-book, 
video games, or an event or airline e-ticket—rather than a physical product. 
This form of e-commerce is growing each year and presents its own set of 
opportunities and dangers. Sony spent approximately $44 million to produce 
the movie The Interview. Hackers believed to be working from North Korea 
hacked the movie in 2014 and threatened Sony if the movie was released and 
therefore putting the $44 million investment in jeopardy.' 


Categories of E-Commerce 


E-commerce, which is enabled by networks and other information technology 
elements has developed into many distinct categories. Three of the first recog- 
nized categories were business-to-business (B2B), business-to-consumer (B20), 
and consumer-to-consumer (C2C). Later, with the launch of e-government, the 
efficiencies of e-commerce were applied to improve the way that governments 
interacted with citizens and other government entities. 

Mobile commerce (m-commerce) has many benefits for convenience but 
also for more mundane, practical reasons. Smartphones can access the Internet 
either by the normal radio frequencies for phone conversations or by con- 
necting to a Wi-Fi connection. In most developed countries the adoption of 
smartphones is already high, and in developing countries the adoption is rising 
quickly. Moore’s Law is again at work making it constantly less expensive for 
users in developing countries to have access to mobile computing even though 
the users may not be able to afford a laptop or desktop computer. 

But mobile computing has some inherent limitations, most notable is 
the small amount of space where the e-commerce application can display 
information. Another limitation is that it is much easier to lose or misplace a 
smartphone than a desktop or laptop. What happens if someone other than 
the owner starts using the smartphone for e-commerce? These issues require 
e-commerce developers to wrestle with questions such as where sensitive infor- 
mation may reside? On the phone or in the cloud to be accessed via the phone? 

As you read the rest of this chapter keep in mind that e-commerce addresses 
the entire commerce model from identifying customers to service after the sale. 
Your organization actively searches for new customers but also the customer 
may find you. Once found, the customer makes a selection of a product or 
service—sometimes the price will be negotiated. When both parties to the 
purchase agree to the terms and costs a purchase is made. Delivery can be a 
traditional, physical delivery, a digital delivery, or a combination of both. Don’t 
forget that service after the sale is made is a critical step of the transaction. 


Business-to-Business (B2B) E-Commerce 


business-to-business (B2B) Business-to-business (B2B) e-commerce is a subset of e-commerce in which 
e-commerce: A subset of all the participants are organizations. B2B e-commerce is a useful tool for con- 
e-commerce in which all the necting business partners in a virtual supply chain to cut resupply times and 
parie panis are organizatan: reduce costs. Although the business-to-consumer market grabs more of the news 
headlines, the B2B market is considerably larger and is growing more rapidly. 
B2B sales within the United States are estimated to reach $1.8 trillion by 2023.? 
In 2018, almost half of all B2B buyers were millennials and their percent- 
age is rapidly growing.’ Popular B2C Web sites have helped raise expectations 
as to how an e-commerce site must operate, and many B2B companies are 
responding to those heightened expectations by investing heavily in their B2B 
platforms. Spending on e-commerce technologies by large U.S. manufacturers, 

wholesalers, and distributors is expected to top $2 billion in 2019.4 
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omnichannel: An integrated 
strategy for engaging customers 

(and potential customers) across 
multiple platforms and channels of 
communication to provide a seamless 
experience. 


FIGURE 9.1 
Grainger e-commerce 
Grainger offers more than 1.5 million 
items online. 


Moving more customers online is key to B2B commerce success, so in 
addition to investing in new technologies, B2B companies are focusing on new 
ways of engaging their customer across multiple channels—both online and 
offline. The average B2B buyer uses six different channels in the decision to 
purchase. Unfortunately, only 36 percent of organizations have even started to 
support multiple channels for B2B.° 

Beginning in 2010, organizations began adopting a new strategy for 
interacting with customers across multiple channels. Omnichannel refers to 
an integrated strategy for engaging customers (and potential customers) across 
multiple platforms and channels of communication to provide a seamless expe- 
rience. Organizations aspire to have the multiple channels of communication 
happen at the same time, but this is difficult to achieve. Think of a purchasing 
agent speaking with an organization’s salesperson while reading customer 
review’s on the Twitter feed for the product. Later, that agent may go to 
the company’s Web site, where a virtual assistant helps guide her purchase. 
Omnichannel engagement provides multiple ways for that purchasing agent to 
evaluate the terms of the B2B transaction. 

Many organizations use both buy-side e-commerce to purchase goods and 
services from their suppliers and sell-side e-commerce to sell products to their 
customers. Buy-side e-commerce activities include identifying and comparing 
competitive suppliers and products, negotiating and establishing prices and 
terms, ordering and tracking shipments, and steering organizational buyers 
to preferred suppliers and products. Sell-side e-commerce activities include 
enabling the purchase of products online, providing information for custom- 
ers to evaluate the organization’s goods and services, encouraging sales and 
generating leads from potential customers, providing a portal of information 
of interest to the customer, and enabling interactions among a community of 
consumers. Thus, buy-side and sell-side e-commerce activities support the orga- 
nization’s value chain and help the organization provide lower prices, better 
service, higher quality, or uniqueness of product and service. 

Grainger is a B2B distributor of products for facilities maintenance, repair, 
and operations (a category called MRO) with more than 1.5 million differ- 
ent items offered online. See Figure 9.1. In 2018, the company’s online sales 
exceeded $11 billion.® A key part of Grainger’s e-commerce success is its suite 
of mobile apps, which make it possible for customers to access products online 
and quickly find and order products via a smartphone or other mobile device. 
Over 60 percent of Grainger’s revenue comes from online transactions.’ 
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Business-to-Consumer (B2C) E-Commerce 


Business-to-consumer (B2C) e-commerce is a form of e-commerce in which 
customers deal directly with an organization and avoid intermediaries. Early 
B2C pioneers competed with the traditional “brick-and-mortar” retailers, selling 
their products directly to consumers. For example, in 1995, upstart Amazon. 
com challenged well-established booksellers Waldenbooks and Barnes & Noble. 
Amazon did not become profitable until 2003, but since then, it has become 
a retail giant, selling a wide variety of products through 14 international Web 
sites (called marketplaces) to customers in more than 180 countries. Accord- 
ing to the U.S. Department of Commerce, B2C commerce accounted for more 
than 14 percent of total retail sales in 2018. Amazon dominates the U.S. B2C 
market with 40 percent of U.S. B2C sales.’ As with B2B sales, B2C revenue is 
increasingly being driven by customers using mobile devices. A 2018 survey 
found that 79 percent of customers ordered online within the last six months.'° 

By using B2C e-commerce to sell directly to consumers, producers and pro- 
viders of consumer products can eliminate the middlemen, or intermediaries, 
between them and the consumer. In many cases, this squeezes costs and inef- 
ficiencies out of the supply chain and can lead to higher profits for businesses 
and lower prices for consumers. The elimination of intermediate organizations 
between the producer and the consumer is called disintermediation. 

More than just a tool for placing orders, the Internet enables shoppers to 
compare prices, features, and value, and to check other customers’ opinions. 
Consumers can, for example, easily and quickly compare information about 
automobiles, cruises, loans, insurance, and home prices to find better values. 
The user may use multiple channels of Web sites and social media in the search 
for information. Internet shoppers can unleash shopping bots or access sites 
such as Google Shopping, Shopzilla, PriceGrabber, and Yahoo! Shopping to 
browse the Internet and obtain lists of items, prices, and merchants. Increas- 
ingly, B2C retailers look to encourage customers to write reviews based on 
confirmed purchases because reviews by verified shoppers are often more 
influential than anonymous reviews in terms of generating additional sales. 

Worldwide, B2C e-commerce sales continue to grow rapidly, reaching 
$3.5 trillion in 2019." China is expected to reach almost $2 trillion in 2019, 
which means more than half of B2C e-commerce will occur in China during 
2019.” Table 9.1 shows the top ten countries ranked by e-commerce sales. 


TABLE 9.1 Countries ranked by retail e-commerce sales 


Top 10 Countries, Ranked by Retail Ecommerce Sales, 


2018 & 2019 
Billions and % change 
2019 % change 
1. China* $1,520.10 $1,934.78 27.3% 
5 UES) $514.84 $586.92 14.0% 
3. UK $127.98 $141.93 10.9% 
4. Japan $110.96 $115.40 4.0% 
5. South Korea $87.60 $103.48 18.1% 
6. Germany $75.93 $81.85 7.8% 
7. France $62.27 $69.43 11.5% 
8. Canada $41.12 $49.80 21.1% 
9. India $34.91 $46.05 31.9% 
10. Russia $22.68 $26.92 18.7% 


Note: Includes products or services ordered using the Internet via any device, regardless of the method of 
payment or fulfillment; excludes travel and event tickets, payments such as bill pay, taxes or money trans- 
Jers, food services and drinking place sales, gambling and other vice good sales. 
*excludes Hong Kong 
Source: eMarketer, May 2019 
SOURCES: “Global Ecommerce 2019,” eMarketer, June 27, 2019, https://www.emarketer.com/content/ 
global-ecommerce-2019 
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One reason for the steady growth in B2C e-commerce is that shoppers find 
that many goods and services are cheaper when purchased online, including 
stocks, books, newspapers, airline tickets, and hotel rooms. 

Another reason for the growth in B2C e-commerce is that online B2C shop- 
pers have the ability to design a personalized product. Nike, Inc. provides a suc- 
cessful example of this approach to personalization. The company’s online Nike 
By You service (formerly NIKEiD) enables purchasers to customize a pair of 
shoes by selecting from different material, features, and fit options—including 
the level of insole cushioning, sole material, and the fabric color and design 
of everything from the lining of the shoe to the laces. Nike also allows you to 
create your own text or logo to further individualize their shoes by adding a 
personal message to their shoes—whether that be a personal mantra, a sports 
team affiliation, or a personal record.'*"“ 

Yet a third reason for the continued growth of B2C e-commerce is the 
effective use of social media networks by many companies looking to reach 
consumers, promote their products and generate online sales. Vera Bradley is a 
luggage design company that produces a variety of products, including quilted 
cotton luggage, handbags, and accessories. The firm has more than 1.8 million 
Facebook followers and is one of the most followed Internet retailers on Pin- 
terest. Indeed, Vera Bradley has been extremely conscientious in cross-posting 
items on social media sites, including Facebook, YouTube, and Pinterest. When 
you visit the Vera Bradley Web site, Pinterest and other social buttons appear 
on the product pages so that shoppers can share their likes with friends. Vera 
Bradley is an example of a B2C retailer that makes social media channels work 
together effectively to reach more potential customers. 

Facebook, Instagram, Pinterest, and Twitter are just a few social media sites 
that are continuing to add “paid social” features designed to help e-commerce 
companies generate sales by reaching a targeted audience. In 2018, Pinterest 
introduced “Product Pins,” allowing more of the social network’s 265 million 
active users to purchase products without ever leaving the site.'*" 

Many B2C merchants have also added social commerce or social shopping 
tools to their own sites. The number of retailers doing this is small now but 
promises to grow soon. Snapchat has a feature that allows users to take a photo 
of a product or of its barcode, find that item or a similar item on a Web site, 
and then purchase the item.” 

Another important trend is that of consumers researching products online 
but then purchasing those products at a local brick-and-mortar store. Sales 
in local stores that are stimulated through online marketing and research are 
called Web-influenced sales. In 2018, 87 percent of shoppers searched for 
product information online, in fact, 71 percent of shoppers used their mobile 
device in the stores to find information while shopping.’ 

As noted earlier in the chapter, Amazon is the dominant B2C retailer in the 
United States. B2C competitor Alibaba is a Chinese-based company with larger 
B2C sales than any U.S. company except Amazon. To understand just how much 
larger Amazon is than Alibaba see Table 9.2, which compares the two giants. 


TABLE 9.2 Comparing the world’s two largest B2C retailers 


Comparing Alibaba and Amazon 


Alibaba Amazon 
Annual Sales $39.8 billion $232.8 billion 
Annual net profit $10.2 billion $10.0 billion 
Domestic e-commerce as percentage of about 80% about 60% 


total e-commerce 


SOURCE: Naoki Matsuda and Mariko Hirano, “Alibaba Struggles to Follow Amazon Beyond E-Commerce,” 
Nikkei Asian Review, February 5, 2019, bttps.//asia.nikkei.com/Business/Companies/Alibaba-struggles-to- 
follow-Amazon-beyond-e-commerce. 
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As a result of a 1992 Supreme Court ruling, online retailers did not have to 
collect sales taxes in states where they lacked a physical presence. Consumers 
who lived in states that had such a physical with sales tax were supposed to 
keep track of their out-of-state purchases and report those “use taxes” on their 
state income tax returns. However, few tax filers reported such purchases. Thus, 
despite having a legal basis to do so, states found it very difficult to collect sales 
taxes on Internet purchases. This avoidance of sales tax creates a price advan- 
tage for online retailers over brick-and-mortar stores, where sales taxes must 
be collected. It also resulted in the loss of about $23 billion in tax revenue that 
would have gone to state and local governments to provide services for their 
citizens. In 2013, and again in 2015, the United States Supreme Court declined 
to get involved in state efforts to force Web retailers, such as Overstock and 
eBay, to collect sales tax from customers. 

The court’s failure to act put pressure on Congress to devise a national 
solution, as both online and traditional retailers complain about a patchwork 
of state laws and conflicting lower-court decisions. Many states devised ways 
to sidestep the Supreme Court’s rulings or initiate new challenges in the courts. 
Louisiana, Nebraska, and Utah are all considering measures that would expand 
the definition of “physical presence” to include a company’s use of a third-party 
shipping company to deliver products to customers’ homes.'? Another way to 
infer a nexus occurs is by defining an annual sales amount per year and/or 
number of sales a year in that state. In the meantime, several other states are 
simply moving forward with efforts to collect tax from online purchases, and 
many merchants are already complying. In 2018, the Supreme Court ruled that 
a company did not need a physical presence in the state or even a nexus in 
order to be compelled to collect state tax for online purchases, and many of 
the large e-commerce retailers have complied.” 


Consumer-to-Consumer (C20) E-Commerce 


Consumer-to-consumer (C2C) e-commerce is a subset of e-commerce that 
involves electronic transactions between consumers using a third party to facil- 
itate the process. eBay is an example of a C2C e-commerce site; customers 
buy and sell items to each other through the site. Founded in 1995, eBay has 
become one of the most popular Web sites in the world, with 2018 net revenue 
of $10.8 billion.” 

Ubid, Facebook Marketplace, and Taobao. The growth of C2C is responsible for 
a drastic reduction in the use of the classified pages of newspapers to advertise 
and sell personal items and services, so it has had a negative impact on that 
industry. On the other hand, C2C has created an opportunity for many people 
to make a living out of selling items on auction sites. According to eBay, the 
gross merchandise volume for items sold on its site was expected to exceed 
$88 billion in 2019.” 

Companies and individuals engaging in e-commerce must be careful that 
their sales do not violate the rules of various county, state, or country legal 
jurisdictions. More than 4,000 Web sites offer guns for sale, and on the Armslist 
Web site alone, over 20,000 gun ads are posted each week. Extending back- 
ground checks to the flourishing world of online gun sales has become a 
highly controversial issue in the United States. Under current law, the question 
of when a background check must occur depends on who is selling the gun. 
Federal regulations require licensed dealers to perform checks, but the legal 
definition of who must be licensed has not been clear.” An executive action 
signed by President Barack Obama on January 4, 2016, was designed to extend 
background check requirements to more types of online gun sellers, including 
more private sellers who had previously been exempted.” 

Table 9.3 summarizes the key factors that differentiate B2B, B2C, and C2C 
e-commerce. 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


320 PART 3 © Business Information Systems 


TABLE 9.3 Differences among B2B, B2C, and C2C 


Factors 


Typical value of sale 


Length of sales process 


Number of decision 
makers involved 


Uniformity of offer 


Complexity of buying 
process 


Motivation for sale 


e-government: The use of 
information and communications 
technology to simplify the sharing of 
information, speed formerly paper- 
based processes, and improve the 
relationship between citizens and 
government. 


B2B 


Thousands or millions of 
dollars 


Days to months 


Several people to a dozen 
or more 


Typically a uniform 
product offering 


Extremely complex; much 
room for negotiation on 
quantity, quality, options 
and features, price, pay- 
ment, and delivery options 


Driven by a business 
decision or need 


B2C 


Tens or hundreds of 
dollars 


Days to weeks 


One or two 


More customized product 
offering 


Relatively simple; limited 
negotiation on price, pay- 
ment, and delivery options 


Driven by an individual 
consumer’s need or 
emotion 


C2C 


Tens of dollars 


Hours to days 


One or two 


Single product offering, 
one of a kind 


Relatively simple; limited 
negotiation on payment 
and delivery options; 
negotiations focus on price 


Driven by an individual 
consumer’s need or 
emotion 


E-Government 


E-government is the use of information and communications technology to 
simplify the sharing of information, speed formerly paper-based processes, and 
improve the relationship between citizens and government. Government-to- 
citizen (G2C), government-to-business (G2B), and government-to-government 
(G2G) are all forms of e-government, each with different applications. 

U.S. citizens can use G2C applications to submit their state and federal tax 
returns online, renew auto licenses, purchase postage, and apply for student 
loans. Citizens can also purchase items from the U.S. government through its 
GSA Auctions Web site, which offers the general public the opportunity to bid 
online for a wide range of government assets. HealthCare.gov is a healthcare 
exchange Web site created by and operated under the U.S. federal government 
as specified in the Patient Protection and Affordable Care Act. It is designed 
for use by residents in the 34 U.S. states that do not operate their own state 
exchanges. By accessing this Web site, users can view healthcare options, 
determine if they are eligible for healthcare subsidiaries, and enroll in a plan.” 

G2B applications support the purchase of materials and services from 
private industry by government procurement offices, enable firms to bid on 
government contracts, and help businesses identify government contracts on 
which they may bid. The Web site USA.gov/business allows small businesses to 
access information about laws and regulations and to download the relevant 
forms needed to comply with federal requirements for their businesses. Federal 
agencies post procurement notices on the FedBizOpps Web site to provide an 
easy point of contact for businesses that want to bid on government contracts 
with a value of $25,000 or more. 

G2G applications support transactions between government entities, such 
as between the federal government and state or local governments. Government 
to Government Services Online (GSO) is a suite of Web applications that enables 
government organizations to report information—such as birth and death data, 
arrest warrant information, and information about the amount of state aid being 
received—to the Social Security Administration. This information can affect the 
payment of benefits to individuals. Many state governments provide a range 
of e-government services to various state and local agencies. For example, the 
state of Oregon’s transaction payment engine (TPE) option enables agencies to 
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use an efficient Internet payment solution while adhering to statewide policies 
and procedures. This service is just one aspect of Oregon’s E-Government pro- 
gram, which has the goals of creating a uniform online identity for the state of 
Oregon, promoting digital government, and saving Oregon taxpayers money.”°”” 


Critical Building a Successful B2B Web Site 


Thinking æ APPLICATION 
Exercise 


Two years ago, you started a business, Wilmington Powell Brewing, selling home- 
brewing supplies. Since then, you have developed and expanded the business to 
include a small brewery that has a bar area where customers can buy glasses of the 
beer you brew. You have a strong local following, and you regularly brew a dozen 
standard brews along with seasonal brews for holidays and other occasions. The 
brewery is located in a tourist town with a local population of about 250,000 that 
swells by an additional 100,000 during the summer months. 

Through the local chamber of commerce, you have connected with a number 
of restaurants in your area, and a few have become customers. You have been 
servicing those customers with phone calls and visits, but that is time consum- 
ing for both you and the restaurants’ management. Your area has approximately 
100 restaurants that could serve your beer, and with your brewing capabilities, you 
could reasonably handle 15 to 20 restaurants as regular customers—if you could 
attract the business and find a way to work with your customers more efficiently. 
You have decided the best way to do that is to develop a Web site, which you hope 
to launch in the next several months. 


Review Questions 

1. What features should be included on your new Web site? 

2. What benefits will your customers likely expect from using a Web site to 
purchase product from you? 


Critical Thinking Questions 

1. Should you design the Web site yourself, or should you hire a professional with 
experience in designing Web sites for similar businesses? 

2. What might a omnichannel strategy look like for the brewery after the launch 
of your Web site? 


Introduction to M-Commerce ee . 2 


The types of e-commerce discussed earlier in this chapter—in particular, 
B2B and B2C—are frequently associated with the technology available when 
these e-commerce solutions became available. Desktops and laptops were the 
most commonly used devices to conduct e-commerce. As technology became 
more powerful and less expensive, users began accessing e-commerce via 
tablets and smartphones. The concepts and strategies stayed the same, but 
the tactics of e-commerce had to change. Why? Because the size of the 
users’ interface was so much smaller. Companies needed to reengineer their 
e-commerce Web sites to ensure that users could still effectively interact 
with their sites. 

Mobile commerce (m-commerce) relies on the use of mobile devices, such 
as smartphones and tablets, to place orders and conduct business. Smartphone 
manufacturers such as Apple, Huawei, Lenovo, LG, Samsung, and Xiaomi have 
worked with communications carriers such as AT&T, Sprint/Nextel, T-Mobile, 
and Verizon to develop wireless devices, related technology, and services to 
support m-commerce. 
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M-Commerce in Perspective 


M-commerce is a rapidly growing segment of e-commerce. In 2017, m-commerce 
accounted for approximately 35 percent of all e-commerce, and by 2021, its 
portion of e-commerce sales is expected to reach 54 percent.” In the United 
States, m-commerce sales totaled $207 billion in 2018.” 

The market for m-commerce in North America is maturing much later than 
in other countries, such as Japan, South Korea, and the United Kingdom, for 
several reasons. In North America, responsibility for network infrastructure is 
fragmented among many providers, and consumer payments are usually made 
by credit card. In most Western European countries, consumers are much more 
willing to use m-commerce. Japanese consumers are generally enthusiastic 
about new technology and therefore have been much more likely to use mobile 
technologies to make purchases. 

The number of mobile Web sites worldwide has grown rapidly because 
of advances in wireless broadband technologies, the development of new and 
useful applications, and the availability of less costly but more powerful smart- 
phones. Experts point out, however, that the relative clumsiness of mobile 
browsers and security concerns still must be overcome to speed the growth 
of m-commerce. 


M-Commerce Sites 


A number of retailers have established special Web sites for mobile devices 
users. Table 9.4 provides a list of some of the top-ranked mobile Web sites 
according to a recent survey of more than 400,000 people by OC&C Strategy 
Consultants. 


TABLE 9.4 Highly rated m-commerce retail Web sites 


Rank Company 


1 eBay 

2 Amazon 

3 Apple 

+ Burberry 

5 John Lewis 
6 Lush 


SOURCE: Goldfingle, Gemma, “The Top 10 M-Commerce Sites, According To OC&C’s Proposition Index,” 
RetailWeek, January 25, 2016, www.retail-week.com/technology/online-retail/the-top-10-m-commerce-sites- 
according-to-occs-proposition-index/70041 40, fullarticle. 


Consumers often place high value on different criteria, depending on the 
type of mobile site. In the OC&C survey, eBay and Amazon ranked highly due 
to their convenience, effective search tools, and transaction speed. The mobile 
site for natural cosmetics company Lush was rated highly because it created a 
strong emotional connection with consumers. 


Advantages of E-Commerce a (ma | 


Conversion to an e-commerce or m-commerce system enables organizations 
to reach new customers, reduce the cost of doing business, speed the flow of 
goods and information, increase the accuracy of order-processing and order 
fulfillment, and improve the level of customer service. These increased effi- 
ciencies are important, but they do not tell the entire story. E-;commerce—and 
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m-commerce, in particular—can lead to a more effective experience for the orga- 
nization and the customer. The convenience of anytime/anywhere m-commerce 
leads to higher levels of interaction and more purchases. A reduction in costs 
as a result of moving more transactions to e-commerce is an important benefit, 
but the greater benefit comes from the fact that more transactions are initiated 
and processed. 


Reach New Customers 


The establishment of an e-commerce Web site enables a firm to reach new cus- 
tomers in new markets. Indeed, this is one of the primary reasons organizations 
give for establishing a Web site. 

Founded in 1978, Shoe Carnival is a chain of more than 400 footwear stores 
located in 33 states. Shoe Carnival’s unique concept involves creating a high- 
energy atmosphere within each store through features such as a “spinning wheel 
of savings” and a team member on a microphone interacting with shoppers. 
According to Ken Zimmerman, vice president of digital at Shoe Carnival, the 
chain’s goal is “to entertain our customers. We create a fun place with music 
and excitement.” Initially, the Shoe Carnival Web site served only as a source of 
information for customers; however, the company now has a full e-commerce 
site—which includes social shopping tools such as customer-generated reviews of 
individual items—that has allowed the company to expand its reach to customers 
in areas where it does not have physical stores. The company’s national advertising 
campaign is focused on driving more traffic to the company’s e-commerce site, 
and the company’s future online efforts will be focused on re-creating its “surprise 
and delight” concept online to differentiate it from other online shoe stores.*! 

More recent applications of m-commerce reflect that more and more peo- 
ple are likely to use their phones as the primary interface for e-commerce. 
Mobile banking and mobile stock trading have become steadily more important 
to this group of consumers. Charles Schwab and Capital One have both become 
very active in this area, although they are hardly alone. Nerdwallet has become 
a favorite site for consumers to learn about the benefits of digital finance. 


Reduce Costs 


By eliminating or reducing time-consuming and labor-intensive steps through- 
out the order and delivery process, more sales can be completed in the same 
period and with increased accuracy. With increased speed and accuracy of 
customer order information, companies can reduce the need for inventory— 
from raw materials to safety stocks and finished goods—at all the intermediate 
manufacturing, storage, and transportation points. 

BloomNation bills itself as a “trusted community marketplace for people 
to list, discover, and send unique bouquets handcrafted by local florists across 
the country.”*” Launched as a response to the rising commissions being charged 
by the dominant floral wire services; including FTD, 1-800-Flowers, and Tele- 
flora; the BloomNation site offers floral arrangements from over 1,500 florists 
around the country who take and post their own photos on the site. The flo- 
rists are able to take advantage of the increased exposure and stability that 
BloomNation’s site offers, without some of the staffing and other costs associ- 
ated with processing individual customer orders and payments. The florists also 
pay lower per-order fees—just 10 percent per order rather than the 27 percent 
charged by the large wire services.** 


Speed the Flow of Goods and Information 


When organizations and their customers are connected via e-commerce, the 
flow of information is accelerated because electronic connections and commu- 
nications are already established. As a result, information can flow from buyer 
to seller easily, directly, and rapidly. 
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Shutterfly, an online provider of photographic products and services to 
both businesses and consumers, generated nearly $2 billion in revenue in 
2018. While the vast majority of Shutterfly’s e-commerce revenue comes from 
B2C transactions, the company also offers B2B marketing products and ser- 
vices through its Web site, where business customers can order customized, 
four-color marketing materials. The company’s e-commerce capabilities, auto- 
mated workflow, and large-scale production centers allow business customers 
to quickly customize and place their orders—cutting the project completion 
time from weeks to days for many clients.**** 


Increase Accuracy 


By enabling buyers to enter their own product specifications and order infor- 
mation directly, human data-entry error on the part of the supplier is elimi- 
nated. And order accuracy is important—no matter what the product. Domino’s, 
the largest pizza chain in the world, was one of the first chain restaurants 
to offer an e-commerce site where customers could enter and pay for their 
orders. More than half of Domino’s sales now comes through its e-commerce 
site. Using the site’s Easy Order feature, customers can enter their orders and 
address information directly—improving order and delivery accuracy. And for 
customers who create a “Pizza Profile” online, ordering can be as simple as 
sending a tweet or a text (customers can initiate an order using just a pizza 
emoji) or just clicking a button on the Domino’s smartphone app.” 


Improve Customer Service 


Increased and more detailed information about delivery dates and current sta- 
tus can increase customer loyalty. In addition, the ability to consistently meet 
customers’ desired delivery dates with high-quality goods and services elimi- 
nates any incentive for customers to seek other sources of supply. 

Customers come to Sticker Mule’s e-commerce site to order customized stick- 
ers for a wide range of projects, whether that be to market a business, label 
products, drive traffic to a Web site, or raise money for a crowdfunding project. 
When developing its e-commerce site, Sticker Mule placed a high priority on ease 
of use. Customers using the site can place their orders within a matter of minutes 
and then view and approve order proofs online, further reducing the time it takes 
to complete orders. Sticker Mule’s Web infrastructure allows its customer service 
team to consolidate support inquiries from a variety of channels—including email, 
Web, and phone—into one place, making it easier and faster for team members 
to respond to customer queries. And because customer service is a top priority 
for Sticker Mule, its site also includes a sophisticated help center with more than 
200 articles (in multiple languages) that customers can research on their own. 
The site also allows customers to post reviews.*” 


Multistage Model for E-Commerce 35 ._ 2 


A successful e-commerce system must address the many stages that consumers 
experience in the sales life cycle. At the heart of any e-commerce system is the 
user’s ability to search for and identify items for sale; select those items and nego- 
tiate prices, terms of payment, and delivery date; send an order to the vendor to 
purchase the items; pay for the product or service; obtain product delivery; and 
receive after-sales support. Figure 9.2 shows how e-commerce can support each of 
these stages. Product delivery can involve tangible goods delivered in a traditional 
form (e.g., clothing delivered via a shipping company) or goods and services 
delivered electronically (e.g., software or a movie downloaded over the Internet). 
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FIGURE 9.2 
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Search and Identification 


An employee ordering parts for a storeroom at a manufacturing plant would 
follow the steps shown in Figure 9.2. Assume the storeroom stocks a wide 
range of office supplies, spare parts, and maintenance supplies. The employee 
prepares a list of needed items—for example, fasteners, piping, and plastic 
tubing. Typically, for each item carried in the storeroom, a corporate buyer 
has already identified a preferred supplier based on the vendor’s price com- 
petitiveness, level of service, quality of products, and speed of delivery. The 
employee then logs on to the Internet and goes to the Web site of the pre- 
ferred supplier. 

How does your organization become a preferred supplier? First, design 
the organization’s Web page to be intuitive from the user’s point of view. That 
view may be quite different from the way someone within your organization 
would navigate the site. Second, multichannel to enhance the user’s experience. 
Provide a chat or a phone feature that allows someone in your organization to 
follow the user as they navigate through the site, providing help and sugges- 
tions as the customer shops. 

From the supplier’s home page, the employee can access a product catalog 
and browse until he or she finds the items that meet the storeroom’s specifi- 
cations. The employee fills out a request-for-quotation form by entering the 
item codes and quantities needed or by simply dragging them to a shopping 
cart. When the employee completes the quotation form, the supplier’s Web 
application calculates the total charge of the order with the most current prices 
and shows the additional cost for various forms of delivery—overnight, within 
two working days, or the next week. The employee might elect to visit other 
suppliers’ sites and repeat this process to search for additional items or obtain 
competing prices for the same items. 
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Select and Negotiate 


After price quotations have been received from each supplier, the employee 
examines them and indicates by clicking the request-for-quotation form which 
items to order from a given supplier. The employee also specifies the desired 
delivery date. In addition to price, an item’s quality and the supplier’s ser- 
vice and speed of delivery can be important in the selection and negotiation 
process. 

B2B e-commerce systems need to support negotiation between a buyer 
and the selected seller over the final price, delivery date, delivery costs, and 
any extra charges. However, these features are not fundamental requirements 
of most B2C systems, which typically offer their products for sale on a “take- 
it-or-leave-it” basis. 


Purchase Products and Services Electronically 


The employee completes the purchase order specifying the final agreed- 
upon terms and prices by sending a completed electronic form to the 
supplier. Complications can arise in paying for the products. Typically, a 
corporate buyer who makes several purchases from a supplier each year 
has established credit with the supplier in advance, and all purchases are 
billed to a corporate account. But when individual consumers make their 
first, and perhaps only, purchase from the supplier, additional safeguards 
and measures are required. Part of the purchase transaction can involve 
the customer providing a credit card number. Another approach to paying 
for goods and services purchased over the Internet is using electronic 
money, which can be exchanged for hard cash, as discussed later in the 
chapter. 


Deliver Products and Services 


Digital distribution can be used to deliver software, music, pictures, videos, 
and written material through the Internet faster and less expensively than 
shipping the items via a package delivery service. Most non-digital products 
cannot be delivered over the Internet, so they are delivered in a variety of 
other ways: overnight carrier, regular mail service, truck, or rail. In some 
cases, the customer might elect to drive to the supplier and pick up the 
product. 

Many manufacturers and retailers have outsourced the physical logistics 
of delivering merchandise to other companies that take care of the storing, 
packing, shipping, and tracking of products. To provide this service, DHL, 
Federal Express, United Parcel Service, the U.S. Postal Service, and other 
delivery firms have developed software tools and interfaces that directly 
link customer ordering, manufacturing, and inventory systems with their 
own systems of highly automated warehouses, call centers, and worldwide 
shipping networks. The goal is to make the transfer of all information and 
inventory, from the manufacturer to the delivery firm to the consumer, fast 
and simple. 

For example, when a customer orders a printer on the Hewlett-Packard 
(HP) Web site, that order actually goes to FedEx, which stocks the products 
that HP sells online to U.S. buyers at a dedicated e-distribution facility in Mem- 
phis, Tennessee, a major FedEx shipping hub. FedEx ships the order, which 
triggers an email notification to the customer that the printer is on its way and 
an inventory notice is sent to HP that the FedEx warehouse now has one less 
printer in stock. See Figure 9.3. 
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Product and Information flow 
When a customer orders an HP 
printer online, the order goes first to 
FedEx, which ships the order, trig- 
gering an email notification to the 
customer and an inventory notice 
to HP. 
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For product returns, HP enters return information into its own system, 
which is linked to FedEx’s systems. This information signals a FedEx courier 
to pick up the unwanted item at the customer’s house or business. Customers 
don’t need to fill out shipping labels or package the item. Instead, the FedEx 
courier uses information transmitted over the Internet to a computer in his 
truck to print a label from a portable printer attached to his belt. FedEx has 
control of the return, and HP can monitor its progress from start to finish. 


After-Sales Service 


In addition to the information required to complete an order, comprehensive cus- 
tomer information is also captured from each order and stored in the supplier’s 
customer database. This information can include the customer name, address, 
telephone numbers, contact person, credit history, and other details. For exam- 
ple, if a customer later contacts the supplier to complain that not all items were 
received or that some arrived damaged, any customer service representative 
will be able to retrieve the order information from the database. Organizations 
provide multiple ways to locate customer orders in their systems—using a cus- 
tomer’s name or phone number or even the date or the order and the zip code 
where the customer is located. Many companies also provide extensive after-sale 
information on their Web sites, such as how to maintain a piece of equipment, 
how to effectively use a product, and how to receive repairs under warranty. 


E-Commerce Challenges Ji m 


A company must overcome many challenges to convert its business processes 
from the traditional form to e-commerce processes, especially for B2C 
e-commerce. As a result, not all e-commerce ventures are successful. For exam- 
ple, Borders began an online Web site in the late 1990s, but after three years 
of operating in the red, the bookseller outsourced its e-commerce operations 
to Amazon in 2001. Borders reversed course and decided to relaunch its own 
Borders.com Web site in May 2008, but continued to generate disappointing 
sales figures. As a result of the substandard results, many top executives were 
replaced, including the CIO and senior vice president of sales. Borders tried 
to keep both a physical presence (with coffee shops and chairs in their stores) 
and a strong digital presence, but in early 2011, Borders applied for bankruptcy 
protection and began closing its stores.** 
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identity theft: The use of 
someone's personal identification 
information without his or her 
permission, often to commit fraud or 
other crimes. 


You may wonder if Borders, a bookseller, was wise to outsource its Web 
site to Amazon because Amazon started as a bookselling Web site and is known 
to aggressively buy out its competitors and startups. There are both opportu- 
nities and dangers in the e-commerce world. 

The following are three key challenges to e-commerce: (1) dealing with 
consumer privacy concerns, (2) overcoming consumers’ lack of trust, and 
(3) overcoming global issues. We’ll examine these in the following sections. 


Dealing with Consumer Privacy Concerns 


While two-thirds of U.S. Internet users have purchased an item online and most 
Internet users say online shopping saves them time, about one-third of all adult 
Internet users will not buy anything online primarily because they have privacy 
concerns or lack trust in online merchants. In addition to having an effective 
e-commerce model and strategy, companies must carefully address consumer 
privacy concerns and overcome consumers’ lack of trust. 

The following are a few examples of recent security beaches in which 
personal data was compromised: 


e Close to 50 million Facebook users had their personal information stolen 
in 2018 when hackers exploited bugs in the one of the site’s features that 
was actually intended to provide users more control over their privacy 
settings. Some members of Congress have called for more Congressional 
oversight of companies such as Facebook that have a large number of 
users, store private information, and have been hacked.” 

e Patreon, a crowdfunding platform that allows users to make ongoing 
donations to a Web site, artist, or project sustained a security breach that 
resulted in their entire cache of data—including names, email addresses, 
and donation records—being published online.“ 

e The names, addresses, and passport numbers of more than 500 million 
guests of Starwood Hotels (owned by Marriott) was stolen in 2018.” 

e In 2018, Under Armour disclosed a breach of 150 million records of 
users of its MyFitnessPal app. While the hackers did not gain access to 
users’ social security number, payment information, or driver’s license 
numbers, they were able to access usernames, email addresses, and 
hashed (or encrypted) passwords. 


In some cases, the compromise of personal data can lead to identity theft. 
According to the Federal Trade Commission (FTC), “Identity theft occurs when 
someone steals your personal information and uses it without your permis- 
sion.”** Often stolen personal identification information (PID, such as your 
name, Social Security number, or credit card number, is used to commit fraud 
or other crimes. Thieves may use a consumer’s credit card numbers to charge 
items to that person’s accounts, use identification information to apply for a 
new credit card or a loan in a consumer’s name, or use a consumer’s name and 
Social Security number to receive government benefits. 

Companies must be prepared to make a substantial investment to safe- 
guard their customers’ privacy or run the risk of losing customers and gener- 
ating potential class action lawsuits should the data be compromised. It is not 
uncommon for customers to initiate a class action lawsuit for millions of dollars 
in damages for emotional distress and loss of privacy. In addition to potential 
damages, companies must frequently pay for customer credit monitoring and 
identity theft insurance to ensure that their customers’ data is secure. 

Facebook faced a lawsuit stemming from the 2018 data breach within days 
of announcing it. What made the breach so threatening was that Facebook users 
who connected to their accounts through Instagram, and possibly other social 
media platforms, were at risk of having those platform accounts hacked as well.“ 
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In order to address customers’ privacy concerns, companies looking to 
do business online must invest in the latest security technology and employ 
highly trained security experts to protect their consumers’ data. For large 
companies, that can mean a sizable in-house staff that monitors security 
issues 24/7. Smaller companies often rely on security services provided by 
companies such as Symantec, whose Norton Secured Seal is intended to 
provide customers with the confidence they need to transact e-commerce 
business. 

Akimbo Financial is a financial services company based in San Antonio, 
Texas. Even though Akimbo is a small player in the financial services industry, 
it is still obligated to comply with Payment Card Industry (PCD and other reg- 
ulations requiring encryption for online transactions and communication. And 
because Akimbo collects social security numbers and other confidential data, 
it must assure users that their data is secure. The company employs Symantec’s 
Secure Site with EV (Extended Validation) SSL Certificate to secure its site, and 
it prominently displays the Norton Secured Seal. The EV certificate used to 
present online visitors with a green bar in their browser address bar, intended 
to highlight the secure nature of the site. That green bar has been replaced with 
an icon of a locked padlock. According Akimbo CEO and founder, Houston 
Frost, the green bar (now replaced with a locked padlock icon) gives consum- 
ers a “warm and fuzzy” feeling. 


Overcoming Consumers’ Lack of Trust 


Lack of trust in online sellers is one of the most frequently cited reasons 
that some consumers give to explain why they are unwilling to purchase 
online. Can they be sure that the company or person with which they are 
dealing is legitimate and will send the item(s) they purchase? What if there 
is a problem with the product or service when it is received: for example, 
if it does not match the description on the Web site, is the wrong size or 
wrong color, is damaged during the delivery process, or does not work as 
advertised? 

Online marketers must create specific trust-building strategies for their 
Web sites by analyzing their customers, products, and services. A perception of 
trustworthiness can be created by implementing one or more of the following 
strategies: 


e Demonstrate a strong desire to build an ongoing relationship with 
customers by giving first-time price incentives, offering loyalty programs, 
or eliciting and sharing customer feedback. 

e Demonstrate that the company has been in business for a long time. 

e Make it clear that considerable investment has been made in the 
Web site. 

e Provide brand endorsements from well-known experts or well-respected 
individuals. 

e Demonstrate participation in appropriate regulatory programs or 
industry associations. 

e Display Web site accreditation by the Better Business Bureau Online or 
TRUSTe programs. 


Here are some tips to help online shoppers avoid problems: 


e Only buy from a well-known Web site you trust—one that advertises on 
national media, is recommended by a friend, or receives strong ratings in 
the media. 

e Look for a seal of approval from organizations such as the Better 
Business Bureau Online or TRUSTe. See Figure 9.4. 
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FIGURE 9.4 
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e Review the Web site’s privacy policy to be sure that you are comfortable 
with its conditions before you provide personal information. 

e Determine what the Web site policy is for return of products purchased. 

e Be wary if you must enter any personal information other than what’s 
required to complete the purchase (name, credit card number, address, 
and telephone number). 

e Do not, under any conditions, ever provide information such as your 
Social Security number, bank account numbers, or your mother’s maiden 
name. 

e When you open the Web page where you enter credit card information 
or other personal data, make sure that the Web address begins with 
“https,” and check to see if a locked padlock icon appears in the Address 
bar or status bar, as shown in Figure 9.5. 


FIGURE 9.5 
Web site security 
Web site that uses “https” in the address and a secure site lock icon. 


e Consider using virtual credit cards, which expire after one use, when 
making purchases online. These cards are essentially one-time-use credit 
card numbers that your credit card vendor sends you for a specific 
purpose. Even if a hacker obtains that number through a security breach 
it will have no value. 

e Before downloading music, change your browser’s advanced set- 
tings to disable access to all computer areas that contain personal 
information. 


Overcoming Global Issues 


E-commerce and m-commerce offer enormous opportunities by allowing man- 
ufacturers to buy supplies at a low cost worldwide. They also offer enterprises 
the chance to sell to a global market right from the start. Moreover, they offer 
great promise for developing countries, helping them to enter the prosperous 
global marketplace, which can help to reduce the gap between rich and poor 
countries. People and companies can get products and services from around 
the world, instead of around the corner or across town. These opportunities, 
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however, come with numerous obstacles and issues associated with all global 
systems: 


e Cultural challenges. Great care must be taken to ensure that a Web 
site is appealing, easy to use, and not offensive to potential customers 
around the world. For example, consumption of alcohol or marijuana 
may be legal in some places but not others. Do images on the Web site 
depict people consuming alcohol or using marijuana? 

e Language challenges. Language differences can make it difficult to 
understand the information and directions posted on a Web site. 

e Time and distance challenges. Significant time differences make it diffi- 
cult for some people to be able to speak to customer services representa- 
tives or to get technical support during regular waking hours. 

e Infrastructure challenges. The site must support access by customers 
using a wide variety of hardware and software devices. 

e Currency challenges. The Web site must be able to state prices and 
accept payment in a variety of currencies. 

e State, regional, and national law challenges. The site must 
operate in conformance to a wide variety of laws that cover a 
variety of issues, including the protection of trademarks and patents, 
the sale of copyrighted material, the collection and safeguarding of 
personal or financial data, the payment of sales taxes and fees, and 
much more. 


Critical Museum Tours Web Site 


Thinking appLicaTION, GLOBAL 
Exercise 


You recently inherited your aunt’s tourist business, which creates custom tours of 
museums and other sites of interest in Washington, D.C. Your aunt had no employ- 
ees; rather, she would contact an organization, such as a local historical society, 
and work directly with her contact at the organization to propose and arrange a 
tour. After the tour details were finalized, your aunt would open the tour to other 
people who might wish to take the same tour. This strategy allowed your aunt to 
have a confirmed number of people for the tour, and additional people made the 
tour more profitable. 

You aunt’s tour business has an excellent reputation and was regularly rec- 
ognized as a high-quality experience in tourist magazines and AARP publications. 
But almost all the people taking tours with your aunt’s business are from the 
United States. You feel that you can substantially build the business if you also 
cater to foreign tourist groups. You will begin by seeking tourist groups from other 
English-speaking countries because you are not fluent in any language other than 
English. 

You have decided that you must establish a Web presence if you are going to 
contact customers from other countries. Your aunt’s business has no Web presence 
because it was mainly promoted by “word of mouth” endorsements from people 
who had taken tours with your aunt. You view this as an opportunity because you 
are now able to create the Web presence without having to worry about how it will 
interact with any existing Web presence for the business. 


Review Questions 


1. What challenges do you expect to encounter as you try to attract tour groups 
from other countries? 

2. How will customers from other countries pay for the tours? Will you accept 
payment in currencies other than the U.S. dollar? 
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Critical Thinking Questions 


1. What will your strategy be to blend the “word of mouth” customer base created 
by your aunt with the Web presence you intend to create? 

2. You do not have the expertise to host the Web presence. Will you use a generic 
host, will you try to be a sub-site of an established organization, such as AARP, 
or will you find some other way? 


E-Commerce and M-Commerce Applications 


electronic exchange: An 
electronic forum where manufacturers, 
suppliers, and competitors buy and sell 
goods, trade market information, and 
run back-office operations. 


E-commerce and m-commerce are being used in innovative and exciting ways. 
This section examines a few of the many B2B, B2C, C2C, and m-commerce 
applications in retail and wholesale, manufacturing, marketing, advertising, 
bartering, retargeting, price comparison, couponing, investment and finance, 
and banking. As with any new technology, m-commerce will succeed only if 
it provides users with real benefits. Companies involved in e-commerce and 
m-commerce must think through their strategies carefully and ensure that they 
provide services that truly meet customers’ needs. 


Wholesale E-Commerce 


In the United States, wholesale e-commerce is expected to surpass $1 trillion 
by 2021.7 A key sector of wholesale e-commerce is spending on manu- 
facturing, repair, and operations (MRO) goods and services—from simple 
office supplies to mission-critical equipment, such as the motors, pumps, 
compressors, and instruments that keep manufacturing facilities running 
smoothly. MRO purchases often approach 40 percent of a manufacturing 
company’s total revenue, but the purchasing systems within many compa- 
nies are haphazard, without automated controls. Companies face significant 
internal costs resulting from outdated and cumbersome MRO management 
processes. Manufacturing downtime can be caused by not having the right 
part at the right time in the right place. The result is lost productivity and 
capacity. E-commerce software for plant operations provides powerful com- 
parative searching capabilities to enable managers to identify functionally 
equivalent items, helping them spot opportunities to combine purchases for 
cost savings. Comparing various suppliers, coupled with consolidating more 
spending with fewer suppliers, leads to decreased costs. In addition, auto- 
mated workflows are typically based on industry best practices, which can 
streamline processes. 

Grainger, a leader in the MRO market, had over $11 billion in sales for 
2018. Its CEO, D. G. Macpherson, expects growth to continue.**” 


Manufacturing 


One approach taken by many manufacturers to raise profitability and 
improve customer service is to move their supply chain operations onto the 
Internet. Here, they can form an electronic exchange, an electronic forum 
where manufacturers, suppliers, and competitors buy and sell goods, trade 
market information, and run back-office operations, such as inventory con- 
trol, as shown in Figure 9.6. This approach speeds up the movement of raw 
materials and finished products and reduces the amount of inventory that 
must be maintained. It also leads to a much more competitive marketplace 
and lower prices. The increased competition can have a positive or negative 
effect on an organization depending upon whether it wins or loses. Overall, 
the purchaser tends to have more of an advantage with these electronic 
exchanges. 
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FIGURE 9.6 
Model of an electronic exchange 


An electronic exchange is an electronic forum where manufacturers, suppliers, and com- 
petitors buy and sell goods, trade market information, and run back-office operations. 


Companies can join one of three types of exchanges based on who operates 
the exchange. Private exchanges are owned and operated by a single com- 
pany. The owner uses the exchange to trade exclusively with established busi- 
ness partners. Walmart’s Retail Link is such an exchange. Consortium-operated 
exchanges are run by a group of traditionally competing companies with com- 
mon procurement needs. For example, Covisint was developed as an exchange 
to serve the needs of the big three auto makers. Independent exchanges are 
open to any set of buyers and sellers within a given market. In 2017, Covisint 
was purchased by OpenText, and it widened its focus to include healthcare, 
governmental, and financial service providers. Independent exchanges provide 
services and a common technology platform to their members and are open, 
usually for a fee, to any company that wants to use them. For example, Tinypass 
is a flexible e-commerce platform that enables content publishers to choose 
from a variety of payment models to sell access to their media. Publishers can 
offer limited previews to readers before they subscribe, ask for payment to view 
each video or article, or allow the audience to pay what they believe the con- 
tent is worth. Content is defined by the publisher and can be any sort of digital 
media: an article, a movie, a song, a blog post, a PDF, access to a forum, or 
access to an entire Web site. Tinypass exchange members can use the platform 
to crowdfund projects from within their own Web sites, rather than working 
through third party sites, such as GoFundMe or KickStarter.**! 

Several strategic and competitive issues are associated with the use of 
exchanges. Many companies distrust their corporate rivals and fear they might 
lose trade secrets through participation in such exchanges. Suppliers worry that 
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online marketplaces will drive down the prices of goods and favor buyers. Suppli- 
ers also can spend a great deal of money configuring their systems and work pro- 
cesses to participate in multiple exchanges. For example, more than a dozen new 
exchanges have appeared in the oil industry, and the printing industry has more 
than 20 online marketplaces. Until a clear winner emerges in particular industries, 
suppliers may feel compelled to sign on to several or all of them. Yet another issue 
is potential government scrutiny of exchange participants: When competitors get 
together to share information, it raises questions of collusion or antitrust behavior. 

Many companies that already use the Internet for their private exchanges 
have no desire to share their expertise with competitors. At Walmart, the world’s 
largest retail chain, executives turned down several invitations to join exchanges 
in the retail and consumer goods industries before building its own in-house 
exchange, Retail Link, which connects the company to 7,000 worldwide suppliers 
that sell everything from toothpaste to furniture. Through Retail Link, Walmart has 
created a supplier-managed inventory system where it lets each supplier decide 
where to put SKUs (stock keeping units) and how to ship through to stores. It 
empowers suppliers to make these decisions by providing them with inventory and 
sales data by SKU by hour, by store. This in turn makes Walmart more profitable, 
because it can hold each supplier accountable to maximize margin, with the lowest 
inventory possible, to produce the greatest return on investment in inventory.” 

Always consider the issues of trust, privacy, and multinational e-commerce 
when considering electronic exchanges. Participants must trust that others in the 
exchange are honestly portraying their goods, their intentions to purchase, and 
the quality of products and services being offered. Privacy is lost when entering 
into the electronic exchange and is replaced by confidentiality for information 
shared among exchange members. Privacy is a secret only you know, while con- 
fidentiality pertains to things such as your health records, which may be shared 
among many people you may not know but who are participating in your care. 

Consider the implications of confidentiality in the context of how your 
data is handled. The more people who are authorized to see your confiden- 
tial data, the greater the chance that the data might be misused. Consider the 
final grade you receive for a course. You may have taken the course once but 
received a poor grade. If you retake the course and do better the second time, 
your original poor grade will be replaced with the second grade. You and the 
instructor know your original grade, but so do staff in the registrar’s office. 
The teaching assistant may also have known you were taking the course for a 
second time. The instructor may also have had a staff person enter the grade 
into the school’s information system. All of these people have a valid reason to 
know your grade, so they all have access to this confidential data. 

Don’t forget that multinational e-commerce can be complicated when the laws 
and customs of sovereign countries differ. The European Union (EU) implemented 
the General Data Protection Regulation in 2018. Essentially, the EU believes that pri- 
vacy and data protection are fundamental freedoms. Companies that disregard the 
data protection regulations are subject to very high fines. Consent to have data about 
a user shared with another company requires the user’s specific, informed, and 
unambiguous consent from the user. The user “owns” the data, not the company. 

In the United States, companies own the data they collect about you from 
any business transaction you make with the company. They can sell it to other 
companies—with or without your consent. While many companies promise 
that they will not share your information with other companies, it is just that, a 
promise. It is not a legally binding commitment, and the company can change 
its mind at any time and sell your data to others. 


Marketing 


The nature of the Web enables firms to gather more information about cus- 
tomer behavior and preferences as customers and potential customers gather 
their own information and make their purchase decisions. Analysis of this data 
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is complicated because of the Web’s interactivity and because each visitor vol- 
untarily provides or refuses to provide personal data such as name, address, 
email address, telephone number, and demographic data. Indeed, customers 
may intentionally lie about this information. Internet advertisers use the data 
to identify specific markets and target them with tailored advertising messages. 
market segmentation: The This practice, called market segmentation, divides the pool of potential cus- 
identification of specific markets to tomers into subgroups usually defined in terms of demographic characteristics, 
target themi with tallored advertising such as age, gender, marital status, income level, and geographic location. 
PESI In the past, market segmentation has been difficult for B2B marketers 
because firmographic data (addresses, financials, number of employees, and 
industry classification code) was difficult to obtain. Now, however, eXelate, 
a subsidiary of Nielsen, the marketing and media information company, has 
joined forces with Dun & Bradstreet to provide a data as a service solution 
that customers can use to access a database of more than 250 million business 
records, including critical company information such as contact names, job 
titles and seniority levels, locations, addresses, number of employees, annual 
sales, and Standard Industry Code (SIC) and North America Industry Classifica- 
tion System (NAICS) classification codes. Using this data, analysts can identify, 
access, and segment their potential B2B audience; estimate potential sales for 
each business; and rank the business against other prospects and customers.” 


Advertising 


Mobile ad networks distribute mobile ads to publishers such as mobile Web 
sites, application developers, and mobile operators. Because most people carry 
their smartphones (which are connected to the Web in many different ways) 
with them at all times, organizations have an incentive to make extensive use of 
mobile ads to reach consumers. Mobile ad impressions are generally bought at a 
cost per thousand (CPM), cost per click (CPC), or cost per action (CPA), in which 
the advertiser pays only if the customer clicks through and then buys the product 
or service. The main measures of success are the number of users reached, click 
through rate (CTR), and the number of actions users take, such as the number of 
downloads prompted by the ad. Advertisers are keenly interested in this data to 
measure the effectiveness of their advertising spending, and many organizations 
are willing to pay extra to purchase the data from a mobile ad network or a third 
party. Generally, there are three types of mobile ad networks—blind, premium 
blind, and premium networks—though no clear lines separate them. The char- 
acteristics of these mobile advertising networks are summarized in Table 9.5. 


TABLE 9.5 Characteristics of three types of mobile advertising networks 


Characteristic Blind Networks Premium Blind Networks Premium Networks 
Degree to which An advertiser can specify Most advertising is blind, but Big brand advertisers can 
advertisers can country and content channel for an additional charge, the secure elite locations on 
specify where ads (e.g., news, sports, or enter- advertiser can buy a specific top-tier destinations. 
are run tainment) on which the ad spot on a Web site of its 
will run but not a specific choice. 
Web site. 
Predominant CPC (e.g., $0.01 per click) CPM (e.g., $20 per thousand CPM (e.g., $40 per thousand 
pricing model and impressions) impressions) 
typical rate 
Examples e Admoda/Adultmoda e Jumptap e Hands 
e AdMob e Madhouse e Microsoft Mobile 
© BuzzCity e = Millennial Media Advertising—App Samurai 
© = InMobi © Quattro Wireless © Nokia Interactive 
Advertising 


© Pudding Media 
e YOC Group 
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FIGURE 9.7 
M-commerce is convenient 
and personal 
Consumers are increasingly using 
mobile phones to purchase goods 
and perform other transactions 
online. 


InMobi is a global provider of cloud-based resources aimed at companies 
that have significant m-commerce clients. The company, which is a recognized 
leader in its field, uses a technique it calls “appropriate targeting” to increase 
the chance that users of a type of media or app will engage with advertisers 
using its services. In 2019, InMobi launched a new independent business unit 
called TruFactor, which allows telecommunications companies to “transform 
their digital assets into strategic knowledge.” In other words, the companies 
can use the individual records of the phone location, Web site being viewed, 
length of time at the Web site, and other facts into a collection of broad trends 
that are useful for planning future advertising strategies. This can only further 
increase the effectiveness of providing a more integrated approach to interac- 
tion with customers via all of their interconnected devices for m-commerce.*” 

Because m-commerce devices usually have a single user, they are ideal for 
accessing personal information and receiving targeted messages for a particular 
consumer. Through m-commerce, companies can reach individual consumers 
to establish one-to-one marketing relationships and communicate whenever it 
is convenient—in short, anytime and anywhere. M-commerce is also often an 
important component of an omnichannel strategy. For instance, a mobile device 
can broadcast a user’s current location so that m-commerce can be seamlessly 
integrated to other e-commerce experiences at the user’s current location—your 
location can tell what store you are in and provide coupons pertinent to your 
shopping experience. See Figure 9.7. 


McLittle Stock/Shutterstock.com 


Bartering 


During the economic downturn between 2007 and 2009, many people and 
businesses turned to bartering as a means of gaining goods and services. Even 
as the economy slowly recovered, bartering and a “gig economy” helped many 
people through difficult economic times. A number of Web sites have been 
created to support this activity, as shown in Table 9.6. Some businesses are 
willing to barter to reduce excess inventory, gain new customers, or avoid pay- 
ing cash for necessary raw materials or services. Cash-strapped customers may 
find bartering to be an attractive alternative to paying scarce dollars. Generally, 
bartering transactions have tax-reporting, accounting, and other record-keeping 
responsibilities associated with them. Indeed, the IRS hosts a Bartering Tax 
Center Web site that provides details about the tax laws and responsibilities 
for bartering transactions. 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


CHAPTER 9 è E-Commerce 337 


TABLE 9.6 Popular bartering Web sites 


Web site Purpose 


Craiglist.org Includes a section where users can request an item in 
exchange for services or exchange services for services 


Swapagift.com Enables users to buy, sell, or swap merchant gift cards 


Swapstyle.com Allows users to swap, sell, or buy direct women’s accesso- 
ries, clothes, cosmetics, and shoes 


Game Trading Zone Forum for trading games, movies, and music 


TradeAway.com Enables users to exchange a wide variety of new or used 
items, services, or real estate 


Retargeting 

Cart abandonment is an ongoing challenge for e-commerce companies. Close to 
73 percent of shopping carts accessed via desktop computers are abandoned 
before purchase, while that rate rises to 86 percent for carts created on smart- 
phones.” “Retargeting” is a technique used by advertisers to recapture these shop- 
pers by using targeted and personalized ads to direct shoppers back to a retailer’s 
site. For example, a visitor who viewed the men’s clothing portion of a retailer's 
Web site and then left the site would be targeted with banner ads showing various 
men’s clothing items from that retailer. The banner ads might even display the 
exact items the visitor viewed, such as men’s casual slacks. The retargeting could be 
further enhanced to include comments and recommendations from other consum- 
ers who purchased the same items. Retargeting ensures that potential consumers 
see relevant, targeted ads for products they’ve already expressed interest in. 


Price Comparison 


An increasing number of companies provide mobile phone apps that enable 
shoppers to compare prices and products online. Wirecutter (owned by the 
New York Times) has product reviews on appliances and tech gadgets. Ama- 
zon’s Price Check app also let you search for pricing by taking a picture of a 
book, DVD, CD, or video game cover. The Barcode Scanner app allows shop- 
pers to scan UPC or Quick Response codes to perform a price comparison and 
read the latest product reviews.°”* 


Couponing 
In 2017, almost $300 billion worth of free-standing insert (FSI) coupons were 
distributed, amounting to almost $575 billion in potential savings. In 2017, over 
$3 billion of saving occurred through coupon use (a small fraction of possible 
savings), and digital coupons represented around 12 percent of that $3 billion.” 
Many businesses now offer a variety of digital coupons—which tend to 
be redeemed at higher rates than FSI coupons—including printable coupons 
available on a company’s Web site or delivered to customers via email. Shop- 
pers at some retail chains can go to the store’s Web site and load digital cou- 
pons onto their store loyalty card. Other retailers have programs that allow a 
person to enter their mobile number and a PIN at checkout to redeem coupons 
they selected online. Honey (www.joinhoney.com) allows users to click its app 
while checking out at the grocery store to find coupons and savings. Many 
consumer product good manufacturers and retailers and other businesses now 
send mobile coupons directly to consumers’ smartphones via SMS technology. 
Google has quietly emerged as a platform leader for proximity marketing, 
which makes use of in-store beacons that emit wireless communications up to 
about 10 feet away to target shoppers with individual advertisements and cou- 
pons based on the customer’s known profile. Proximity marketing is expected 
to see a large growth increase throughout 2019. A recent study suggests 
1.5 billion mobile coupons will be delivered by proximity beacons in 2020. 
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FIGURE 9.8 


Millions of mobile coupon 


users in the U.S. 

The number of mobile coupon 
redeemers is increasing 
significantly. 

Source: Caroline Cakebread, “Who's Using 
Mobile Coupons in the US?,” eMarketer, 
December 3, 2018, https://www.emarketer. 
com/content/the-mobile-series-mobile- 
coupons-infographic. 


Mobile investment and 
finance 

Investment firms provide mobile 
trading apps to support clients on 
the go. 


The estimated number of mobile coupon redeemers is expected to increase 
due to the integration of couponing into social networks, along with an increase 
in smartphone and tablet users, new mobile apps, and location-based deals. 
See Figure 9.8. 
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Online marketplaces such as Groupon and LivingSocial offer an updated 
approach to digital couponing. Discount coupons for consumers are valid only 
if a predetermined minimum number of people sign up for them. Merchants do 
not pay any money up front to participate in Groupon or LivingSocial but must 
pay the companies a fee (up to 50 percent for Groupon) whenever a customer 
purchases a coupon. 


Investment and Finance 


The Internet has revolutionized the world of investment and finance. Perhaps 
the changes have been so significant because this industry had so many built-in 
inefficiencies and so much opportunity for improvement. 

The brokerage business adapted to the Internet faster than any other arm of 
finance. See Figure 9.9. The allure of online trading that enables investors to do 
quick, thorough research and then buy shares in any company in a few seconds 
and at a fraction of the cost of a full-commission firm has brought many investors 
to the Web. Fidelity offers mobile trading apps for tablets, smartphones, and even 
Apple Watch. The apps allow investors a secure platform to monitor their port- 
folios, view real-time stock quotes, track preferred stocks, and execute trades.™ 


d 
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Banking 


Online banking customers can check balances of their savings, checking, 
and loan accounts; transfer money among accounts; deposit checks; and pay 
bills. These customers enjoy the convenience of not writing checks by hand, 
tracking their current balances, and reducing expenditures on envelopes 
and stamps. In addition, online banking customers have the satisfaction of 
knowing that paying bills online is good for the environment because it 
reduces the amount of paper used, thus saving trees and reducing green- 
house gases. 

All of the major banks and many of the smaller banks in the United States 
enable their customers to pay bills online, and most support bill payment via 
mobile devices. Banks are eager to gain more customers who pay bills online 
because such customers tend to stay with the bank longer, have higher cash 
balances, and use more of the bank’s products and services. To encourage the 
use of this service, many banks have eliminated all fees associated with online 
bill payment. 

Consumers who have enrolled in mobile banking and downloaded the 
mobile application to their cell phones can check credit card balances before 
making major purchases to avoid credit rejections. They can also transfer funds 
from savings to checking accounts to avoid an overdraft. 

M-Pesa (M for mobile, Pesa for money in Swahili) with some 30 million 
users worldwide is considered by many to be the most developed mobile pay- 
ment system in the world. The service is operated by Safaricom and Vodacom, 
the largest mobile network operators in Kenya and Tanzania. M-Pesa enables 
users with a national ID card or passport to deposit, withdraw, and transfer 
money easily with a mobile device. Its services have expanded from a basic 
mobile money transfer scheme to include loans and savings products, bill pay, 
and salary disbursements. It is estimated that two percent of Kenyan house- 
holds have been lifted out of poverty by access to mobile money services such 
as M-Pesa.°*% 


Online Personalized Shopping 


An increasing number of Web sites offer personalized shopping consulta- 
tions for shoppers interested in upscale, contemporary clothing—dresses, 
sportswear, denim clothing, handbags, jewelry, shoes, and luxury gifts. 
Key to the success of companies such as MyTheresa and Net-a-Porter is 
a philosophy of excellent customer service and strong, personal client 
relationships. Net-a-Porter offers same-day delivery in Hong Kong, New 
York, and London, and a team of personal shoppers stock the virtual carts 
of women around the globe who are looking for high fashion and luxury 
items. 

Rent the Runway specializes in designer clothing for people that want 
access to high fashion for both everyday wear and special occasions. A fee of 
less than $100 is required for a short time access to the site and higher fees 
for longer access. Users can rent four pieces for up to eight days. This can 
greatly expand the customer’s choice of formal clothes at a price that young 
professionals can afford. 

Quintessentially is a luxury shopping and concierge service whose private 
shopping specialists can find the rarest and most exquisite items for the afflu- 
ent shopper. See Figure 9.10. T team at Quintessentially can get that Hermes 
Birkin handbag without the long delay many shoppers experience.” 
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FIGURE 9.10 
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Quintessentially is an online luxury concierge service that features unusual and exclusive goods. 


Critical 
Thinking 
Exercise 


Banding Together 
æ APPLICATION 


More than 20 universities and colleges are located in Atlanta, and students at these 
schools have many things in common. You believe there is a market for an app that 
addresses the consumer demand of Atlanta students in three areas: housing, food, 
and clothes. Many shoppers—including college students—are overwhelmed by the 
number of apps for individual products and businesses. And new students coming 
to campus have to spend effort in just trying to find out what is offered near their 
campus and where it’s located. 

It would greatly help the use of the app if the universities and colleges would 
make students aware of it as they go through orientation at their school. Because 
universities have rules in place to protect student information, they may have ques- 
tions about how data will be collected, stored, and used. You may find that some 
schools would prefer to create their own app and not be part of a consortium. 

Your goal is to create a single app that acts similar to a consortium, that is, an 
electronic exchange. On any given evening at dinner time, for instance, hundreds 
of students in the Atlanta area may want pizza for dinner. Instead of each student 
finding a single vendor and making a separate order, why not assemble all the 
student orders over a 30-minute time and then have pizza vendors bid on the entire 
order. This would allow students to use the buying power of the consortium to get 
the best price and product. 

The same concept could be applied to housing and to buying “gently used” 
clothing. As individuals, students do not have much power in the purchasing action. 
With your app, students would benefit by being part of a consortium that has 
greater power to negotiate better purchase terms. 


Review Questions 


1. It sounds easy to say that 20 universities and colleges will cooperate in the 
consortium, but in reality, it can be complicated. What type of technology 
infrastructure would need to be in place to make this consortium (electronic 
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exchange) work? Can universities in the consortium provide some of the 
resources? Make sure you consider the technology needed by the user as well 
as the consortium technology. 

2. Students will benefit from lower prices on what they purchase but how might 
the consortium itself make a profit? 


Critical Thinking Questions 


1. How will you get businesses to bid to provide products/services on the 
electronic exchange? 

2. Who would likely take the lead on the development of the app for the electronic 
exchange? One of the universities, a private business, a student government, 
or something else? 


Strategies for Successful E-Commerce and M-Commerce. ; ’ 2 


FIGURE 9.11 


Content, commerce, and 


community 
A successful e-commerce model 
includes three basic components. 


With all the constraints to e-commerce already discussed in this chapter, it’s 
clear that a company must develop an effective Web site, one that is easy to use 
and accomplishes the goals of the company yet is safe, secure, and affordable 
to set up and maintain. However, before building a Web site, a company must 
first define an effective e-commerce model and strategy. The next sections 
examine several issues for a successful e-commerce site. 


Defining an Effective E-Commerce Model and Strategy 


The first major challenge is for the company to decide on the e-commerce 
model it wants to use and formulate an effective e-commerce strategy. 
Although companies can select from a number of approaches, the most suc- 
cessful e-commerce models include three basic components: community, con- 
tent, and commerce, as shown in Figure 9.11. Discussion forums and other 
social shopping tools can build a loyal community of people who are inter- 
ested in and enthusiastic about the company and its products and services. 
Providing useful, accurate, and timely content, such as industry and economic 
news and stock quotes, is a sound approach to encourage people to return to 
your Web site time and again. Commerce involves consumers and businesses 
paying to purchase physical goods, information, or services that are posted 
or advertised online. 


Content 


Industry news 
Economic news 
Stock prices 
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Defining the Functions of a Web Site 


When building a Web site, you should first decide which tasks the site must 
accomplish. Most people agree that an effective Web site is one that creates 
an attractive presence and that meets the needs of its visitors, which might 
include the following: 


e Obtaining general information about the organization 

e Obtaining financial information for making an investment decision in the 
organization 

e Learning the organization’s position on social issues 

e Learning about the products or services that the organization sells 

e Buying the products or services that the company offers 

e Checking the status of an order 

e Getting advice or help on effective use of the products 

e Registering a complaint about the organization’s products 

e Registering a complaint concerning the organization’s position on social 
issues 

e Providing a product testimonial or an idea for product improvement or a 
new product 

e Obtaining information about warranties or service and repair policies for 
products 

e Obtaining contact information for a person or department in the 
organization 


After a company determines which objectives its site should accomplish, 
it can move on planning and developing the site, keeping in mind that the 
priorities and objectives of customers may change over time. The site must 
also be easy and intuitive to use by the targeted customers. As the number of 
e-commerce shoppers increases and they become more comfortable—and more 
selective—making online purchases, a company might need to redefine the basic 
business model of its site to capture new business opportunities. For example, 
consider the major travel sites such as Expedia, Travelocity, CheapTickets, Orbitz, 
and Priceline. These sites used to specialize in one area of travel—inexpensive 
airline tickets. Now they offer a full range of travel products, including airline 
tickets, auto rentals, hotel rooms, tours, and last-minute trip packages. Expedia 
provides in-depth hotel descriptions to help comparison shoppers and even 
offers 360-degree virtual tours and expanded photo displays. It also entices 
flexible travelers to search for rates, compare airfares, and configure hotel and 
air prices at the same time. Expedia has also developed numerous hotel partner- 
ships to reduce costs and help secure great values for consumers. Meanwhile, 
Orbitz has a special full-service program for corporate business travelers. 


Establishing a Web Site 


Companies large and small can establish Web sites. Some companies elect to 
develop their sites in-house, but this decision requires a Web development 
staff that is experienced with network security, online payments, and Web 
design software. Many firms, especially those with few or no experienced Web 
developers, outsource the building of their Web sites in order to get their sites 
up and running faster and cheaper—and to develop a more professional Web 
site—than they could by doing the job themselves. Web development firms 
can provide organizations with prebuilt templates and Web site builder tools 
to enable customers to construct their own Web sites. 

Businesses can custom design a new Web site or redesign an existing Web 
site. Many of these firms have worked with thousands of customers to help them 
get their Web sites up and running. When the Web site is being configured, it 
should be inclusive of apps and other marketing and commerce channels used 
by the organization. Developing a Web site that stands alone is a waste of money. 
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Web site hosting companies such as DreamHost, InMotion, HostWay, and 
BroadSpire make it possible to set up a Web page and conduct e-commerce 
within a matter of days, with little up-front cost. However, to allow visitors to 
pay for merchandise with credit cards, a company needs a merchant account 
with a bank. If your company doesn’t already have one, it must establish one. 
storefront broker: A company that Another model for setting up a Web site is the use of a storefront broker, a 
acts as an intermediary between your business that serves as an intermediary between your Web site and online mer- 
ie a ee see hpa chants who have the actual products and retail expertise. The storefront broker 
PESEE e lacks deals with the details of the transactions, including who gets paid for what, and 
is responsible for bringing together merchants and reseller sites. The storefront 
broker is similar to a distributor in standard retail operations, but in this case, 
no product moves—only electronic data flows back and forth. Products are 
ordered by a customer at your site, orders are processed through a user interface 
provided by the storefront broker, and the product is shipped by the merchant. 
Shopify is a Canadian firm that helps retailers create their own online store 
without all the technical work involved in developing their own Web site or 
the huge expense of contracting someone else to build it. Clients can select 
a stylish e-commerce Web site template, customize it to meet their unique 
needs, upload product information, and then start taking orders and accepting 
payments. Thousands of online retailers, including General Electric, CrossFit, 
Tesla Motors, Red Bull, Foo Fighters, and GitHub built their Web sites using the 
Shopify platform. In 2018, Shopify had revenue of over $1 billion. 
Don’t forget that the Web site is a key to your e-commerce strategy. Consider 
a “how to reach us” section that includes any account you have on Twitter, Face- 
book, WhatsApp, WeChat, or other social media. When a Web site is reached the 
site can determine the type of device is accessing the page and present different 
formats of the page optimized for that type of device. This is especially true for 
users accessing your Web page via their phones. Make sure you have your Web 
page developed so that users across a variety of devices can use it equally well. 
If you have developed an app for your business, it is important to make 
sure your Web page alerts users to the app and how it can be downloaded to 
their phones. Do you have coupons for products or services you sell? Make sure 
that those coupons are available on one or more of the couponing sites men- 
tioned earlier in the chapter. In short, the Web page is an important entrance 
to your business that should tie into all of your e-commerce efforts. 


Building Traffic to Your Web site 


The Internet includes hundreds of thousands of e-commerce Web sites. With all 
those potential competitors, a company must take strong measures to ensure that 
the customers it wants to attract can find its Web site. The first step is to obtain 
and register a domain name, which should say something about your business. 
For instance, stuff4u might seem to be a good catchall, but it doesn’t describe the 
nature of the business—it could be anything. If you want to sell soccer uniforms 
and equipment, then you’d try to get a domain name such as www.soccerstuff4u. 
com, www.soccerequipment.com, or www.stuff4soccercoaches.com. The more 
specific the Web address, the better. 

The next step to attracting customers is to make your site search-engine 
friendly by improving its rankings. The following are several ideas on how to 
accomplish this goal: 


e Search engines work by constantly visiting Web sites and using algo- 
rithms to decide the best way to categorize the site’s contents. The 
search engine company send out robots (sometimes called “spiders” or 
“crawlers”) to sites linked to the Internet. Companies can ensure their 
site appears in search engine results by listing links and other resources 
(listed by a uniform resource locator [URL]) in a file named Robots.txt. 
That file is searched by spiders and crawlers. 
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search engine optimization: 
The process of maximizing the number 
of visitors to your Web site using the 
quality and quantity of terms/links on 
your Web page that match common 
Internet searches. 


e Use Web site traffic data analysis software to turn the data captured in 
the Web log file into useful information. This data can tell you the URLs 
from which your site is being accessed, the search engines and key- 
words that find your site, and other useful information. Using this data 
can help you identify search engines to which you need to market your 
site, allowing you to submit your Web pages to them for inclusion in the 
search engine’s index. 

You want your Web site built for search engine optimization. Search 
engines like Bing, Google, and Yahoo! have algorithms that rate a Web 
page based on a number of attributes: traffic to the page, reliability of 
information on the page, comments on social media about the page, and 
many other characteristics. Search engines guard exactly how their algo- 
rithms score each Web page so that organizations cannot unfairly manip- 
ulate their scores. You may find it useful to hire a consultant or firm that 
specializes in optimizing an organization’s Web page for search engine 
optimization. 

e Provide quality, keyword-rich content. Be careful not to use too many 
keywords, as search engines often ban sites that do this. Judiciously 
place keywords throughout your site, ensuring that the Web content is 
sensible and easy to read by humans as well as search engines. 

e Consider paying the search engine companies to include you as a 
“sponsored” ad. 

e Add new content to your site on a regular basis. The time frame should 
be short enough so that customers notice new products or features 
as they return to the Web site. Again, this makes the site attractive to 
humans as well as search engines. 

e Acquire links to your site from other reputable Web sites that are popular 
and related to your site. 


The use of the Internet is growing rapidly in markets throughout Europe, 
Asia, and Latin America. Obviously, companies that want to succeed on the 
Web cannot ignore this global shift. A company must be aware that consum- 
ers outside the United States will access sites with a variety of devices. A Web 
site’s design should reflect that diversity if the company wants to be successful 
in other markets. In Europe, for example, closed-system iDTVs (integrated 
digital televisions) are becoming popular for accessing online content, with 
more than 50 percent of the population now using them. Because such devices 
have better resolution and more screen space than the PC monitors that many 
U.S. consumers use to access the Internet, iDTV users expect more ambitious 
graphics. Successful global firms operate with a portfolio of sites designed 
for each market, with shared sourcing and infrastructure to support the net- 
work of stores and with local marketing and business development teams to 
take advantage of local opportunities. Service providers continue to emerge 
to solve the cross-border logistics, payments, and customer service needs of 
these global retailers. 


Maintaining and Improving Your Web Site 


Web site operators must constantly monitor the traffic to their sites and 
the response times experienced by visitors. AMR Research, a Boston-based 
independent research analysis firm, reports that Internet shoppers expect ser- 
vice to be better than or equal to their in-store experience. Nothing will drive 
potential customers away faster than experiencing unreasonable delays while 
trying to view or order products or services. To keep pace with technology and 
increasing traffic, companies might need to modify the software, databases, or 
hardware on which their sites run to ensure acceptable response times. 
Retailing giant Walmart invested over $2 billion as part of a multiyear project 
designed to improve its Web site and strengthen its e-commerce infrastructure. 
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Walmart’s technology team overhauled the company’s e-commerce capabilities 
from the ground up—with changes to the look of the Web site, the launch of 
an improved, proprietary site search engine, and upgrades to the underlying 
transaction software and supporting databases and Web servers. In addition to 
revamping its Web site to make it easier for customers to shop, Walmart con- 
tinues to look for innovative ways to interact with online shoppers, such as a 
three-dimensional virtual tours of home furnishings in order to compete with 
Wayfair, Amazon, and others.”° 

Web site operators must also continually be alert to new trends and devel- 
opments in the area of e-commerce and be prepared to take advantage of 
new opportunities. For example, recent studies show that customers more 

personalization: The process of frequently visit Web sites they can customize. Personalization is the process 

tailoring Web pages to specifically of tailoring Web pages to specifically target individual consumers. The goal is 

target individual:congumers: to meet the customer’s needs more effectively, make interactions faster and 
easier, and consequently, increase customer satisfaction and the likelihood of 
repeat visits. Building a better understanding of customer preferences can also 
aid in cross-selling related products and more expensive products. The most 
basic form of personalization involves using the consumer’s name in an email 
campaign or in a greeting on the Web page. Amazon uses a more advanced 
form of personalization in which the Web site greets each repeat customer by 
name and recommends a list of new products based on the customer’s previous 
purchases. 

Businesses use two types of personalization techniques to capture data and 
build customer profiles. Implicit personalization techniques capture data from 
actual customer Web sessions—primarily based on which pages were viewed 
and which weren’t. Explicit personalization techniques capture user-provided 
information, such as information from warranties, surveys, user registrations, 
and contest-entry forms completed online. Data can also be gathered through 
access to other data sources such as the Bureau of Motor Vehicles, Bureau of 
Vital Statistics, and marketing affiliates (firms that share marketing data). Mar- 
keting firms aggregate this information to build databases containing a huge 
amount of consumer behavioral data. During each customer interaction, pow- 
erful algorithms analyze both types of data instantly to predict the consumer’s 
needs and interests. This analysis makes it possible to deliver new, targeted 
information while the customer is at the site. Because personalization depends 
on gathering and using personal user information, privacy issues are a major 
concern. 

Salesforce Marketing Cloud is a provider of digital marketing automation 
and analytics software and services that its customers use to personalize 
email marketing, target mobile messaging campaigns, and make personal- 
ized, predictive recommendations to online customers. Room & Board, a 
Minnesota-based national furniture chain specializing in modern furniture 
and home accessories, uses Salesforce to create a digital experience that 
reflects the ways their customers use the Web as well as one that extends 
the company’s personalized sales approach to its Web site. The Salesforce 
system, which ties into customers’ sales histories as well as years’ worth of 
data about what styles and individual pieces of furniture work well together 
and what products customers tend to view and purchase in groups, allows 
the company to make increasingly effective personal recommendations to 
its online customers. Customers who engage with Room & Board’s recom- 
mendations place online orders with 40 percent higher average values than 
those who don’t.” 

The tips and real-world examples presented in this section represent 
just a few ideas that can help a company set up and maintain an effective 
e-commerce site. With technology and competition changing constantly, man- 
agers should read articles in print and online to keep up to date on ever-evolv- 
ing issues. 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


346 PART 3 © Business Information Systems 


Critical 
Thinking 
Exercise 


Technology Infrastructure Required to Support E-Commer 


Move-In Ready 
Æ APPLICATION 


You have been the senior housing staff member at your university for several 
years. One of your biggest challenges is managing the move-in process at the 
beginning of each school year. All students who will live in campus housing are 
required to move into their residences over a three-day period, which requires 
an extensive and complex effort to pull off. You have organized volunteers that 
help students unload all their belongings from their cars and into their dorm 
rooms efficiently. But there is still a problem. Now students and their families 
go out to stores all around the university looking for fans, extension cords, 
laundry supplies, sheets and pillowcases, along with a million other “must- 
have” items. 

You have an idea that would require a lot of cooperation from people within 
and outside of your university. “Move-In Ready” would allow students to buy all 
of the stuff they need (from soap and paper towels to mini-refrigerators and even 
furniture and grocery items) through a page on the university’s Web site. Everything 
ordered would be delivered to the student’s room before he or she arrives. 

The concept seems simple enough, but several issues need to be resolved. 
First, your university is a public university and is not allowed to sell or advocate 
for a particular business. Also, how will the purchases for a student that may 
come from several different businesses be assembled into one order and deliv- 
ered to the correct residence before students move in? Maybe one object, such 
as a sweatshirt with the university logo, is likely to be ordered by hundreds of 
students. Does the vendor of that sweatshirt look at its inventory and then have 
its supplier begin delivery of the sweatshirt? The B2C Web site just impacted a 
B2B Web site. 


Review Questions 


1. Assume the Web site will be built before students arrive on campus next fall. 
How will you build traffic to the Web site? 

2. Universities are dynamic places. What kind of processes would you develop to 
make sure the Web site is maintained and grows to meet the changing needs 
of students? 


Critical Thinking Questions 


1. Web sites like the one described here are often accessed by people using lap- 
tops or desktop computers because there is so much visual information to be 
displayed. But college students are known to be very m-commerce aware so 
how would you design a Web site that will be mobile friendly? 

2. How would you measure the Web site’s success or lack of success? 


Now that we’ve examined some key factors in establishing an effective 
e-commerce initiative, let’s look at some of the technical issues related to 
e-commerce systems and the technology that makes it possible. Successful 
implementation of e-commerce requires significant changes to existing busi- 
ness processes and substantial investment in IS technology. These technology 
components must be chosen carefully and integrated to support a large vol- 
ume of transactions with customers, suppliers, and other business partners 
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Key technology infrastructure 
components 

E-commerce systems require 
specific kinds of hardware and 
software to be successful. 
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worldwide. In surveys, online consumers frequently note that poor Web site 
performance (e.g., slow response time, inadequate customer support, and lost 
orders) drives them to abandon some e-commerce sites in favor of those with 
better, more reliable performance. This section provides a brief overview of the 
key technology infrastructure components. See Figure 9.12. 


‘Network 
Internet 


High-speed 
connection to network 


E-commerce 
software 


Server software 


Server operating system 


Web server hardware 


Hardware 


A Web server platform complete with the appropriate hardware and software is 
a key ingredient to e-commerce infrastructure. The amount of storage capacity 
and computing power required of the Web server depends primarily on two 
things: the software that must run on the server and the volume of e-commerce 
transactions that must be processed. The most successful e-commerce solu- 
tions are designed to be highly scalable so that they can be upgraded to meet 
unexpected user traffic. 

Computing hardware is getting more powerful even while the prices of 
hardware fall. When you consider the cost of hardware for e-commerce you 
must take this into account. It is important to understand the role of Moore’s 
Law when you consider the hardware used to support e-commerce. Gordon 
Moore, a co-founder of Intel, made a prediction in 1965 concerning the rate 
at which the number of transistors on a microchip would increase. In the 
years that followed, researchers have modified his observation to a general 
prediction about the power of computers: Computer power doubles about 
every 18 months—for the same price. Based on that prediction, in six years, 
a computer will be 16 times more powerful for the same cost. In nine years, 
a computer will be 64 times as powerful for the same cost, but in 15 years, a 
computer will be 1,024 times as powerful for the same cost. 
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Even as you consider the constantly increasing power of computing tech- 
nology, do not overlook that you can use existing technologies in new and 
creative ways. Apple’s iPhones have touted their ability to take images using 
infrared light, and many Android phones can take infrared images as well. It’s 
simply a feature of many digital cameras. You may have seen news accounts of 
people who had a medical issue detected from a simple infrared image. Maybe 
someone can take this existing technology and repurpose it to look for skin 
cancer or other medical issues. 

Even when you have the right hardware in place you can have a Web site 
outage if visitors cannot access the Web page. There were several high-profile 
Web site outages in 2019 that impacted millions of uses. Table 9.7 shows six 
outages affecting some of the largest Web sites in the world. 


TABLE 9.7% Some 2019 major Web site outages 


Site When Cause 

Facebook March 13 Server configuration change 
Google Cloud Platform June 2 Server configuration change 
Verizon June 24 Volume of network traffic routed to 


networks with insufficient capacity 
Cloudfare July 2 Bad software deployment 
Facebook, Twitter, Apple July 3-4 Bad maintenance check 
Twitter July 11 Internal system change 


SOURCE: Twain Taylor, “Biggest 2019 Website Outages and What Caused Them,” August 23, 2019, bitp://Aechgenix 
.com/2019-website-outages. 


A key decision facing a new e-commerce company is whether to host 
its own Web site or to let someone else do it. Many companies decide that 
using a third-party Web service provider is the best way to meet initial 
e-commerce needs. The third-party company rents space on its computer 
system and provides a high-speed connection to the Internet, thus minimiz- 
ing the initial out-of-pocket costs for e-commerce start-up. The third party 
can also provide personnel trained to operate, troubleshoot, and manage 
the Web server. 


Web Server Software 


In addition to the Web server operating system, each e-commerce site must 
have Web server software to perform fundamental services, including security 
and identification, retrieval and sending of Web pages, Web site tracking, Web 
site development. Many personnel who manage Web sites first learn how to 
measure site performance using Google Analytics (Analytics.Google.com). The 
two most widely used Web server software packages are Apache HTTP Server 
and Microsoft’s Internet Information Services. 


E-Commerce Software 


After you have located or built a host server, including the hardware, operat- 
ing system, and Web server software, you can begin to investigate and install 
e-commerce software to support five core tasks: catalog management to create 
and update the product catalog, product configuration to help customers select 
the necessary components and options, shopping cart facilities to track the 
items selected for purchase (see Figure 9.13), e-commerce transaction process- 
ing, and Web traffic data analysis to provide details to adjust the operations 
of the Web site. 
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FIGURE 9.13 
Electronic shopping cart 
An electronic shopping cart allows online shoppers to view their selections and add or remove items. 


M-Commerce Hardware and Software 


For m-commerce to work effectively, the interface between the mobile 
device and its user must improve to the point that it is nearly as easy to 
purchase an item on a mobile device as it is to purchase it on a PC. In addi- 
tion, network speeds must continue to improve so that users do not become 
frustrated. Security is also a major concern, particularly in two areas: the 
security of the transmission itself and the trust that the transaction is being 
made with the intended party. Encryption can provide secure transmis- 
sion. Digital certificates can ensure that transactions are made between the 
intended parties. 

Mobile devices used for m-commerce have several limitations that compli- 
cate their use. Their screens are small, perhaps no more than several square 
inches, and might be able to display only small portions of a Web site. In addi- 
tion, entering data on a mobile device can be tedious and error prone. Mobile 
devices also have less processing power and less bandwidth than desktop or 
laptop computers, which are usually connected to a high-speed network. They 
also operate on limited-life batteries. For these reasons, Web developers must 
often rewrite Web applications so that users with mobile devices can access 
them more efficiently. 


Electronic Payment Systems 


Electronic payment systems are a key component of e-commerce infrastructure. 
Current e-commerce technology relies on user identification and encryption 
to safeguard business transactions. Actual payments are made in a variety of 
ways, including electronic cash, electronic wallets, and smart, credit, charge, 
and debit cards. Web sites that accept multiple payment types convert more 
visitors to purchasing customers than merchants who offer only a single pay- 
ment method. 
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digital certificate: An attachment 
to an email message or data 
embedded in a Web site that verifies 
the identity of a sender or Web site. 


certificate authority (CA): A 
trusted third-party organization or 


company that issues digital certificates. 


Authentication technologies are used by many organizations to confirm 
the identity of a user requesting access to information or assets. A digital 
certificate is an attachment to an email message or data embedded in a Web 
site that verifies the identity of a sender or Web site. A certificate authority 
(CA) is a trusted third-party organization or company that issues digital certif- 
icates. The CA is responsible for guaranteeing that the people or organizations 
granted these unique certificates are in fact who they claim to be. Digital 
certificates thus create a trust chain throughout the transaction, verifying both 
purchaser and supplier identities. 

Many organizations that accept credit cards to pay for items purchased via 
e-commerce have adopted the Payment Card Industry (PCD security standard 
(www.pcisecuritystandards.org). This standard spells out measures and secu- 
rity procedures to safeguard the card issuer, the cardholder, and the merchant. 
Some of the measures include installing and maintaining a firewall configura- 
tion to control access to computers and data, never using software or hardware 
vendor-supplier defaults for system passwords, and requiring merchants to pro- 
tect stored data, encrypt transmission of cardholder information across public 
networks, use and regularly update antivirus software, and restrict access to 
sensitive data on a need-to-know basis. 

Various measures are being implemented to increase the security asso- 
ciated with the use of credit cards at the time of purchase. The Address 
Verification System is a check built into the payment authorization request 
that compares the address on file with the card issuer to the billing address 
provided by the cardholder. The Card Verification Number technique is a 
check of the additional digits typically printed on the back of the card (or on 
the front, in the case of American Express cards). Visa has Advanced Autho- 
rization, a Visa-patented process that provides an instantaneous rating of 
that transaction’s potential for fraud—using factors such as the value of the 
transaction, type of merchant, time of day the purchase is being made, and 
whether the site is one where the card owner has previously shopped. The 
card issuer can then send an immediate response to the merchant regarding 
whether to accept or decline the transaction. The technology is applied to 
every Visa credit and check card purchase today, and it has contributed to a 
two-thirds reduction in system-wide fraud for Visa over the past two decades. 
Visa has continued to add other features and data inputs to its fraud-detection 
systems, such as extended cardholder transaction data and even mobile loca- 
tion confirmation.” 

The Federal Financial Institutions Examination Council has developed a 
set of guidelines called “Authentication in an Internet Banking Environment,” 
which recommend two-factor authorization. This approach adds another iden- 
tity check along with the password system. A number of multifactor authentica- 
tion schemes can be used, such as biometrics, one-time passwords, or hardware 
tokens that plug into a USB port on the computer and generate a password 
that matches the ones used by a bank’s security system. 

The use of biometric technology to secure digital transactions has been 
slow to develop due to cost and privacy concerns. However, the Mastercard 
Identity Check service allows users to take an ID photo that will be used 
to create a digital map of their face, which will be stored on Mastercard’s 
servers. When the user wants to make a payment using their smartphone, the 
Mastercard app will capture their image, which, along with a user-entered 
password, will be authenticated before the transaction is approved. Mas- 
tercard’s system also offers a fingerprint sensor that can be used to verify 
purchases.” The Apple Pay system makes use of the fingerprint sensors on 
newer iPhones. Consumers paying with Apple Pay, which is tied to a credit 
or debit card, just hold their iPhone close to the contactless reader with their 
finger on the Touch ID button (if their iPhone has the button) or the Face 
ID feature.” 
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Transport Layer Security (TLS): 
A communications protocol or system 
of rules that ensures privacy between 
communicating applications and their 
users on the Internet. 


electronic cash: An amount of 
money that is computerized, stored, 
and used as cash for e-commerce 
transactions. 
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Transport Layer Security 
All online shoppers fear the theft of credit card numbers and banking infor- 
mation. To help prevent this type of identity theft, the Transport Layer Security 
communications protocol is used to secure sensitive data. Transport Layer 
Security (TLS) is a communications protocol or system of rules that ensures 
privacy between communicating applications and their users on the Internet. 
TLS enables a client (such as a Web browser) to initiate a temporary, private 
conversation with a server (such as a shopping site on the Web or an online 
bank). Before the client and server start communicating, they perform an auto- 
mated process called a “handshake” where they exchange information about 
who they are, and which secret codes and algorithms they’ll use to encode their 
messages to each other. Then for the duration of the conversation, all the data 
that passes between the client and server is encrypted so that even if somebody 
does listen in, they won’t be able to determine what’s being communicated. 
TLS is the successor to the Secure Sockets Layer (SSL). 

In addition to TLS handling the encryption part of a secure e-commerce 
transaction, a digital certificate is assigned to the Web site to provide positive 
server identification so shoppers can be assured of with whom that are dealing. 


Electronic Cash 


Electronic cash is an amount of money that is computerized, stored, and 
used as cash for e-commerce transactions. Typically, consumers must open an 
account with an electronic cash service provider by providing identification 
information. When the consumers want to withdraw electronic cash to make a 
purchase, they access the service provider via the Internet and present proof 
of identity—a digital certificate issued by a certification authority or a user- 
name and password. After verifying a consumer’s identity, the system debits 
the consumer’s account and credits the seller’s account with the amount of 
the purchase. PayPal, Venmo, Apple Pay Cash, Square Cash, Stripe, and WePay 
are some popular online payment service providers that facilitate the use of 
electronic cash. 

PayPal and Venmo enable any person or business with an email address 
to securely, easily, and quickly send and receive payments online. To send 
money, you enter the recipient’s email address and the amount you want to 
send. You can pay with a credit card, debit card, or funds from a checking 
account. The recipient gets an email message and accepts the transfer. Recip- 
ients can then collect their money by clicking a link in the email message 
that takes them to www.paypal.com. To receive the money, the user also must 
have a credit card or checking account to accept fund transfers. To request 
money for an auction, invoice a customer, or send a personal bill, you enter 
the recipient’s email address and the amount you are requesting. Venmo is a 
subsidiary of PayPal.” 

PayPal and Venmo have some important differences. First, PayPal is geared 
to transactions from a PC or tablet, not from a mobile device, which is the plat- 
form of Venmo. Second, PayPal was designed for secure transactions between 
people that may not know each other while Venmo was designed for people 
who know and trust each other. PayPal became popular when eBay bought it 
as a way to facilitate the payments between buyers and sellers using the eBay 
site. (PayPal spun off from eBay in 2015.) Venmo is a mobile app, and when 
a vendor accepts a Venmo payment, such as Uber, you can make the payment 
right from your phone. Another popular feature of Venmo allows you to share 
the cost of a purchase among other Venmo users. Once the other Venmo users 
accept their share of the cost, your account is adjusted.” 

The use of smartphones to make purchases and transfer funds between 
consumers and business has become commonplace. The goal is to make the 
payment process as simple and secure as possible and for it to work on many 
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different phones and through many different mobile network providers—not 
simple tasks. Fortunately, the intelligence built into the iPhone and other smart- 
phones can make this all possible. 

You can use several services (e.g., Square, PayPal Here, Intuit GoPayment, 
and PayAnywhere) to plug a credit card reader device into the headphone jack 
on a cell phone to accept credit card payments. Intuit’s GoPayment service does 
not require a credit card reader but rather provides software that lets you enter 
the credit card number. 

A free Starbucks mobile app that runs on iPhones and Android smartphones 
enables customers to order and pay for their java using their smartphones— 
without ever having to wait in line. App users, whose mobile purchases are 
tied to a credit card, can even tip their barista digitally.” 


Credit, Charge, Debit, and Smart Cards 


Many online shoppers use credit and charge cards for most of their Internet 
purchases. A credit card, such as Visa or Mastercard, has a preset spending 
limit based on the user’s credit history, and each month the user can pay all or 
part of the amount owed. Interest is charged on the unpaid amount. A charge 
card, such as American Express, carries no preset spending limit, and the entire 
amount charged to the card is due at the end of the billing period. There may 
be a limit to your spending, but it is dynamically determined and not preset as a 
fixed amount. You can’t carry a balance from month to month with a charge card 
like you can with a credit card. Charge cards require customers to pay in full 
every month or face a fee. Debit cards look like credit cards, but they operate 
like cash or a personal check. The debit card is linked directly to your savings 
or checking account. Each time you use the card, money is automatically taken 
from your checking or savings account to cover the purchase. Credit, charge, 
and debit cards currently store limited information about you on a magnetic 
strip. This information is read each time the card is swiped to make a purchase. 
All credit card customers are protected by law from paying more than $50 for 
fraudulent transactions, but the same is not true for debit cards. Banks can hold 
you liable for up to $500 in the case of a fraudulent use of your debit card. 

The smart card is a credit card-sized device with an embedded microchip 
to provide electronic memory and processing capability. Smart cards can be 
used for a variety of purposes, including storing a user’s financial facts, health 
insurance data, credit card numbers, and network identification codes and 
passwords. They can also store monetary values for spending. 

Smart cards are better protected from misuse than conventional credit, charge, 
and debit cards because the smart-card information is encrypted. Conventional 
credit, charge, and debit cards clearly show your account number on the face of 
the card. The card number, along with a forged signature, is all that a thief needs 
to purchase items and charge them against your card. A smart card makes credit 
theft practically impossible because a key to unlock the encrypted information is 
required, and there is no external number that a thief can identify and no physical 
signature a thief can forge. Table 9.8 compares various types of payment systems. 

Here in the United States, credit cards with only magnetic stripes are being 
replaced by cards with chips that employ the EMV (Europay, Mastercard, and 
Visa) global standard for working with point-of-sale systems. Each time the 
EMV card is used for inserted into a point-of-sale device for payment, it creates 
a unique transaction code that can never be reused. Unlike the European ver- 
sion of the card, which requires the user to enter a PIN number to complete 
the transaction, the U.S. card user simply signs the receipt. Technically, if a chip 
is used to verify the transaction, the card owner may or may not be required 
to sign the receipt, but if the transaction uses the magnetic strip to verify the 
information, the receipt should be signed. While cards with chips are nearly 
impossible to counterfeit, the account number of these cards is clearly visible 
and can be used by fraudsters for online purchases. 
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If your credit card has both a chip and a magnetic stripe, you may not be 
as safe as you think. Even though the chip creates very secure transactions the 
magnetic stripe is a significant security risk. A magnetic stripe reader can be 
purchased for about $30 and can read all of the sensitive personal the chip is 
designed to protect. Your best option is to have a credit card with a chip and 
no magnetic stripe. 

The U.S. financial institutions elected to implement the chip-and-sign EMV 
card rather than the chip-and-PIN card. Mastercard and Visa are supporters of EMV, 
and their cards all have chips, but in the United States there are still many credit 
cards backed by other institutions that do not have chips and only have a magnetic 
strip. The later card requires the user to enter their personal PIN number for each 
transaction. Counterfeit credit card fraud dropped 75 percent between the end of 
2015 and early 2018 thanks to the introduction of chip embedded credit cards.” 


TABLE 9.8 Comparison of payment systems 


Payment System Description Advantages Disadvantages 


Credit card Carries preset spending limit Each month the user can 


based on the user’s credit 


The unpaid balance accumu- 


Charge card 


Debit card 


Smart card 


history 


Looks like a credit card but 
carries no preset spending 
limit 


Looks like a credit card or 
automated teller machine 
(ATM) card 


Is a credit card device with 
embedded microchip capa- 
ble of storing facts about 
cardholder 


pay all or part of the amount 
owed. 


Does not involve lines of 
credit and does not accumu- 
late interest charges 


Operates like cash or a 
personal check 


Better protected from mis- 
use than conventional credit, 
charge, and debit cards 
because the smart card infor- 


lates interest charges—often 
at a high rate of interest. 


The entire amount charged 
to the card is due at the end 
of the billing period or the 
user must pay a fee. 


Money is immediately 
deducted from user’s account 
balance. 


Slowly becoming more widely 
used in the United States. 


mation is encrypted 


Critical Don’t Do It Yourself 
Thinking yy ANALYTICAL THINKING, APPLICATION 
Exercise 


For years, your construction materials business has had a B2B Web site that is used 
extensively by contractors in your area. Recently, you have decided to launch a 
B2C site to sell home repair materials to do-it-yourself (DIY) homeowners as well. 
Moving into the B2C market requires you to adapt your B2B business practices to 
better meet the needs of a B2C Web site. For instance, you had an established way 
to get payments from your B2B customers involving credit lines, invoicing, and 
installment plans, but you have never dealt with collecting online payments for 
relatively small orders from individuals. 

As you have begun planning for the launch of your B2C site, you have made two 
key decisions: (1) you will learn more about electronic payment systems and (2) 
you will hire a knowledgeable professional to construct the site. In order for your 
B2C site to thrive, you will need to accept credit cards, debit cards, PayPal, WePay, 
Venmo, and other forms of electronic payments. You are planning to research their 
terms of use—such as how much they charge you when they are used to make a 
payment—before making a final decision on what types of electronic payments you 
will accept. You will trust the professional B2B Web site developer to gather all the 
necessary information to support electronic payments and to ensure that your site 
will interface with the systems of the electronic payment providers. 
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Review Questions 


1. What should the Web site developer do to ensure security of the information 
used by your site? 

2. Is it better to limit payment at the B2C Web site to only credit cards and debit 
cards, or is it better to have a wide variety of electronic payment types? 


Critical Thinking Questions 


1. Why should your business have separate B2B and B2C Web sites? 

2. Many DIY customers are young and use their phones to make most of their 
online purchases. How will you assure your B2C Web site is m-commerce 
friendly? 


Principle: 


Organizations must define and execute an effective strategy to be 
successful in e-commerce. 

E-commerce is simply the conducting of business activities electronically 
over computer networks. Business-to-business (B2B) e-commerce allows man- 
ufacturers to buy at a low cost worldwide, and it offers enterprises the chance 
to sell to a global market. By far the greatest dollar volume of e-commerce sales 
falls under the category of B2B e-commerce. However, business-to-consumer 
(B2C) e-commerce occurs far more frequently, but the dollar amounts for the 
transactions are only a fraction of the B2B transactions. B2C enables organiza- 
tions to sell directly to the final consumers of the product. The direct approach 
eliminates intermediaries and limits costs. In many cases, this practice squeezes 
costs and inefficiencies out of the supply chain that can lead to both higher 
profits for the business and lower prices for consumers. Consumer-to-consumer 
(C2C) e-commerce involves consumers selling directly to other consumers. 
Online auctions are the chief method by which C2C e-commerce is currently 
conducted. E-government involves the use of information and communications 
technology to simplify the sharing of information, speed formerly paper-based 
processes, and improve the relationship between citizens and government. 

M-commerce is the use of mobile devices such as cell phones and smart- 
phones to facilitate the sale of goods or services—anytime and anywhere. It 
is just another form of e-commerce and at the same time a brand-new way to 
do e-commerce. It has the disadvantage of limited space to display information 
(on a smartphone), but it allows e-commerce to take place anytime/anywhere 
and all the time/everywhere. M-commerce is a rapidly growing segment of 
e-commerce, with countries in Asia and Europe leading much of the growth. 
The market for m-commerce in North America is maturing much later than in 
other countries for several reasons. 

Conversion to an e-commerce or m-commerce system enables organiza- 
tions to reach new customers, reduce the cost of doing business, speed the flow 
of goods and information, increase the accuracy of order-processing and order 
fulfillment, and improve the level of customer service. Many smartphone users 
always have their devices with them, and this fact allows them to constantly 
be engaged in e-commerce. 

A successful e-commerce system must address the many stages consumers 
experience in the sales life cycle. At the heart of any e-commerce system is the 
ability of the user to search for and identify items for sale; select those items; 
negotiate prices, terms of payment, and delivery date; send an order to the 
vendor to purchase the items; pay for the product or service; obtain product 
delivery; and receive after-sales support. 
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From the perspective of the provider of goods or services, an effective 
e-commerce system must be able to support the activities associated with 
supply chain management and customer relationship management. Many man- 
ufacturers and retailers have outsourced the physical delivery of goods to 
organizations specializing in product delivery. 

A firm faces three key challenges when converting its business processes 
from the traditional form to e-commerce processes: (1) dealing effectively with 
consumer privacy concerns, (2) successfully overcoming consumers’ lack of 
trust, and (3) overcoming global issues. Of these three challenges, privacy is 
currently the most prominent. The number of security breaches and their wide 
impact must be addressed by businesses involved with e-commerce. 


Principle: 


E-commerce is evolving, providing new ways of conducting business that 
present both potential benefits and potential problems. 

Many manufacturers are joining electronic exchanges; wholesale 
e-commerce is set to pass $1 trillion per year. That’s $1,000 billion. They are 
also using e-commerce to improve the efficiency of the selling process by 
moving customer queries about product availability and prices online where 
customers can instantly seek answers from the manufacturer’s database. 

The Web allows firms to gather much more information about customer 
behavior and preferences than they could using other marketing approaches. 
This new technology relies heavily on Web site analytics and has greatly 
enhanced the practice of market segmentation. This enables many companies 
to establish closer relationships with their customers. 

The Internet has revolutionized the world of investment and finance, espe- 
cially online stock trading and online banking. The Internet has also created 
many options for electronic auctions, where geographically dispersed buyers 
and sellers can come together. Don’t forget that multinational stock trading 
and online banking can be complicated by conflicting laws in the different 
countries. 

The numerous m-commerce applications include advertising, bartering, 
retargeting, price comparison, couponing, investment and finance, and bank- 
ing. But the main characteristics to consider are that (a) your device is with 
you so businesses know your location, (b) you have a customer profile that 
the business can use to target you, and (c) the m-commerce message can be 
delivered to your smartphone. 


Principle: 


E-commerce can be used in many innovative ways to improve the 
operations of an organization. 

Businesses and people use e-commerce and m-commerce to reduce trans- 
action costs, speed the flow of goods and information, improve the level of 
customer service, and enable the close coordination of actions among manu- 
facturers, suppliers, and customers. The capabilities of e-commerce grow as 
the power of computers and speed of networks increase—you could say that 
Moore’s Law applies to e-commerce. 

E-commerce and m-commerce also enable consumers and companies to 
gain access to worldwide markets. Organizations are making great strides in 
China, Japan, South Korea, and other Asian countries. There is also great prom- 
ise for developing countries, enabling them to enter the prosperous global mar- 
ketplace and hence helping to reduce the gap between rich and poor countries. 

Because e-commerce and m-commerce are global systems they face cul- 
tural, language, time and distance, infrastructure, currency, product and service, 
and state, regional, and national law challenges. 
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Most people agree that an effective Web site is one that creates an attractive 
presence and meets the needs of its visitors. E-commerce start-ups must decide 
whether they will build and operate the Web site themselves or outsource this 
function. Web site hosting services and storefront brokers provide alternatives 
to building your own Web site. 

To increase traffic to your Web site, you should register a domain name that 
is relevant to your business, make your site search-engine friendly by making 
it easily searchable by Web robots (“spiders”) that crawl the entire World Wide 
Web looking for content. Businesses also use Web site traffic data analysis soft- 
ware to attract additional customers and customize the user’s experience on the 
Web site so that it supports the user’s personal experience. Web site operators 
must constantly monitor the traffic and response times associated with their 
sites and adjust Web site content, software, databases, and hardware to ensure 
that visitors have a good experience when they visit. 

Web site operators must also continually be alert to new trends and devel- 
opments in the area of e-commerce and be prepared to take advantage of new 
opportunities, including personalization—the process of tailoring Web pages 
to specifically target individual consumers. 


Principle: 


E-commerce requires the careful planning and integration of many 
technology infrastructure components. 

A number of infrastructure components must be chosen and integrated to 
support a large volume of transactions with customers, suppliers, and other 
business partners worldwide. These components include hardware, Web server 
software, and e-commerce software. 

M-commerce presents additional infrastructure challenges, including 
improving the ease of use of wireless devices, addressing the security of wire- 
less transactions, and improving network speed. The Wireless Application 
Protocol (WAP) is a standard set of specifications to enable development of 
m-commerce software for wireless devices. The development of WAP and its 
derivatives addresses many m-commerce issues. 

Electronic payment systems are a key component of the e-commerce infra- 
structure. A digital certificate is an attachment to an email message or data 
embedded in a Web page that verifies the identity of a sender or a Web site. 
To help prevent the theft of credit card numbers and banking information, 
the Transport Layer Security (TLS) communications protocol is used to secure 
all sensitive data. Several electronic cash alternatives require the purchaser to 
open an account with an electronic cash service provider and to present proof 
of identity whenever payments are to be made. Payments can also be made by 
credit, charge, debit, and smart cards, and p-cards. Retail and banking industries 
are developing means to enable payments using a cell phone like a credit card. 


Key Terms 


business-to-business (B2B) e-commerce identity theft 
business-to-consumer (B2C) e-commerce market segmentation 
certificate authority (CA) omnichannel 
consumer-to-consumer (C2C) e-commerce personalization 


digital certificate 
e-government 
electronic cash 
electronic exchange 


search engine optimization 
storefront broker 


Transport Layer Security (TLS) 
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Self-Assessment Test 


Organizations must define and execute an effec- 
tive strategy to be successful in e-commerce and 
m-commerce. 


1. Businesses should use Web sites as standalone 
items for e-commerce and not connect them to 
other commerce efforts by the business. True or 
False? 

2. Businesses may use multiple, coordinated 
e-commerce applications that engage you in a 
purchase decision (such as allowing a customer 
in a physical store to scan a product UPC code to 
see social media comments, price comparisons 
for nearby stores, or a coupon for a discounted 
purchase). What is this marketing plan called? 

a. Spam 

b. Millennial marketing 

c. Omnichannel marketing 
d. B2B 

3. The most important issue to be considered when 
an organization embarks on e-commerce is 


a. choosing the right technology 
b. choosing the right professional to design the 
Web site 
c. making the business strategy paramount 
d. the amount spent on technology 
4. Implementation of a B2C e-commerce applica- 
tion can lead to B2B opportunities.True or False? 


E-commerce is evolving, providing new ways of con- 
ducting business that present both potential bene- 
fits and problems. 


5. Which of the following is not a main characteris- 
tic to consider with m-commerce application? 

a. M-commerce messages can be delivered to 
your phone. 

b. M-commerce only works when an app are 
your phone makes the payment. 

c. Your customer profile allows business to tar- 
get you. 

d. Your mobile device lets a business know your 
location. 

6. According to Moore’s Law, how long does it take 
for the power of computing technology to dou- 
ble for the same cost? 

a. 1% years 
b. 5 years 
c. 10 years 
d. 100 years 

7. The evolution of e-commerce : 

a. is a normal business occurrence that makes 
business processes more efficient 

b. is a disruption to business processes that 
makes businesses rethink how they achieve 
their objectives 


c. cannot be determined because e-commerce is 
less than 10 years old 

d. means that m-commerce will be the only 
form of e-commerce within five years 


E-commerce can be used in many innovative ways to 
improve the operations of an organization. 


8. 


10. 


Organizations cannot use existing technologies 

in innovative ways, they must wait for new 

technology to emerge before they innovate. 

True or False? 

Improving an organization’s performance with 

e-commerce most often means : 

a. replacing current, older employees with new, 
younger employees who are more adept at 
using technology 

b. changing the organization’s processes to 
achieve goals 

c. using artificial intelligence 

d. keeping the same processes but performing 
them faster 

Which of the following is NOT considered to be 

a key challenge of e-commerce? 

a. Dealing with consumer privacy issues 

b. Overcoming users’ lack of trust 

c. Overcoming global cultural challenges, lan- 
guage, time, distance, infrastructure, and cur- 
rency challenges 

d. Low user interest in accessing global markets 
and competitive pricing 


E-commerce requires the careful planning and 
integration of many technology infrastructure 
components. 


11. 


12. 


13. 


E-commerce is dependent upon electronic 

payments. True or False? 

Which of the following is a key technology 

infrastructure component? 

a. User profile privacy 

b. Translation features on Wed sites 

c. Multinational banking 

d. A high-speed connection to the network 

Which of the following is not a Payment Card 

Industry security safeguard? 

a. Using cash in transactions 

b. Using a firewall to control access to comput- 
ers and data 

c. Never allowing the use of default passwords 
for systems 

d. The use of antivirus software that is updated 
regularly 
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Self-Assessment Test Answers 


1. False 8. False 
2: C: 9. b. 
By © 1o d; 
4. True 11. True 
5. b. 2rd 

6. a. 13. a. 

7. b. 


Review and Discussion Questions 


1. Briefly explain the differences between B2B, 8. Identify and briefly discuss the five stages con- 
B2C, and C2C. sumers experience in the sales life cycle that 

2. What challenges does m-commerce present? must be supported by a successful e-commerce 

3. How does social media impact B2C e-commerce? system. 

4. Explain some of the ways e-government, 9. Identify and briefly discuss several challenges 
especially G2C, is different from B2C. that an organization faces in creating a success- 

5. Describe the multistage model for e-commerce. ful e-commerce operation. 

6. Explain the difference between “privacy” and 10. Outline the key steps in developing a corporate 
“confidentiality.” global e-commerce strategy. 


7. Explain some of the security issues around 
electronic payments. 


Business-Driven Decision-Making Exercises 


1. Two of the electronic cash options discussed acquisition and storage policies in order to 
in this chapter are Venmo and Square Cash. Do satisfy data privacy concerns in the European 
a comparison between these two based upon Union? 
(1) type of phone the app can run on, (2) bank 3. The air conditioning in your car just went out. 
transfer fee, (3) credit card fee, (4) debit card Use what you have learned in this chapter to 
fee, (5) transfer limit, and other factors you find and compare several auto repair shops that 
believe are significant. Explain which features can fix air conditioning. Your comparison should 
are most important to you and how you would include cost, ratings by customers that have used 
rate these apps overall. the repair shops, and how soon the work can 

2. Assume you are in an organization that only be completed. Write a brief summary of your 
does business in the United States but that is experience, and identify the Web sites you found 
considering doing business in the European most useful. 


Union. How would you change your data 


Teamwork and Collaboration Activities 


1. As a team, develop a plan for a B2C Web site to 2. Have your team choose three countries and 
suggest additional items a customer might pur- develop a plan that will make your university’s 
chase as well as higher value items. For exam- Web site culturally acceptable to all three coun- 
ple, if the customer purchased a new phone you tries. Describe several possible cultural issues 
could suggest also purchasing a “lost or stolen” and describe how your plan addresses the 
insurance plan or a case for the phone that issues. 


keeps it safe as dropped. You might suggest that 
for just a little more money per month you could 
get a larger data plan. Be creative. 
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Career Exercises 


1. Do research and write a brief report on three 
Web sites that show job openings or internships 
related to your major. CareerBuilder.com and 
even Facebook have sites but try to find a site 
that focuses on your major. Describe the key 
features of each of these sites, and explain why 
you would use the Web sites, or why not. Some 
of the key features might include (1) keeping 
your information confidential (remember that 


confidential is not the same as private), (2) the 
ability to apply for multiple jobs/internships, and 
(3) listings for part-time jobs. Be sure to include 
your university’s career center Web site in your 
research. 

2. Determine an organization you might wish to 
work for and examine its Web site. How could 
the B2C features of the Web site be improved? 
Provide at least three examples. 


z ANALYTICAL THINKING, GLOBAL, APPLICATION 


Alibaba, the Giant Chinese E-Commerce Site 

Alibaba (Alibaba Group Holdings), which was founded 

in Hangzhou, China, in 1999 has a B2B e-commerce site 
(Alibaba.com) and two large B2C e-commerce sites (Taobao. 
com and Tmall.com). The company employs over 100,000 
people across many countries. Their mission is “To Make It 
Easy to Do Business Anywhere,” and judging by the company’s 
success in only 20 years, it is achieving its mission. 

“Singles Day” in China is a response to traditional Val- 
entine’s Day celebrations, which take place in August in 
that country. On Single’s Day, which falls on November 11th 
each year, many Chinese treat themselves to an online pur- 
chase. In just 90 seconds on November 11, 2018, Alibaba 
took in over $1 billion in sales, and its Web sites pulled 
in more than $31 billion in sales by the end of the day on 
November 11. To put Alibaba sales in perspective, consider 
that the U.S. Cyber Monday sales for 2018 were a little over 
$6 billion. Online Valentine’s Day sales in the United States 
were less than $20 billion in 2018. 

Alibaba’s online travel platform, Fliggy, now offers an 
e-commerce market aimed at Chinese travelers traveling to 
other countries. There were 131 million overseas trips made 
by Chinese travelers in 2017. Fliggy is trying to improve the 
travel experience by offering Chinese tourists access to mer- 
chants and other businesses in the country they are visiting 
so they can purchase food and other products duty free and 
make arrangements for accommodations, sightseeing, and 
entertainment, all before reaching their destination. The 
platform allows merchants and other businesses in foreign 
countries to reach the large Chinese market. The reputation 
of Alibaba assures Chinese tourists of the quality and high 
standards of foreign businesses using the Fliggy site. 

Like any other e-commerce giant, Alibaba has been 
the target of hackers looking to steal customer information. 
In 2018, 21 suspects were arrested on suspicion of steal- 
ing information from one of Alibaba’s affiliates. No private 
information was obtained, but the thieves stole usernames 
and phone numbers from 10 million parcel shipments. 


The thieves were arrested before they were able to sell the 
stolen information to a third party, so police believe mini- 
mal damage was done to Alibaba customers. 

A constant theme at Alibaba is to expand, expand 
again, and then expand some more. In 20 years it grew from 
less than 20 employees to over 100,000. It had $31 billion in 
sales in a single day. E-commerce is dependent upon elec- 
tronic payments so how do all the customers pay? Alipay is 
the electronic payment system most Alibaba customers use 
in China. Over one billion people have an Alipay account, 
and over 500 million of those are active users. 

There are an estimated 100 million daily transactions 
on Alipay. By comparison, Visa has approximately 150 mil- 
lion transactions daily for their world wide operations. To 
use Alipay you must have a Chinese bank account or credit 
card account with a state-run bank in China. Alipay is used 
at restaurants, retail shops, hotels, and most businesses 
in China. Considering Alipay’s requirement for a Chinese 
bank account, its transaction numbers are staggering. The 
Taobao.com and TMall.com sites have recently added Visa 
and Mastercard as acceptable payment method, but many 
Chinese do not have these credit cards. 

Alipay has expanded beyond China and southeast 
Asia—it has come to the United States as well as 70 other 
countries. Alipay focuses heavily on Chinese traveling to 
or living in the other countries and does not actively mar- 
ket to non-Chinese. Remember, Alipay is tied to state-run 
banks operating in China. Alipay promotes e-commerce 
of Chinese tourists traveling in the United States or other 
countries who do not have bank accounts or credit cards in 
that foreign country. That means the Chinese tourist may be 
in the United States, but all transactions with Taobao.com, 
TMall.com, and Fliggy can still be made using Alipay. B2C 
e-commerce is closely tied to how customers can pay for 
their purchases, and Alibaba wants to retain their customers’ 
loyalty even as they travel. As China’s economy grows and 
more of its citizens travel abroad, Alibaba wants to be their 
e-commerce site of choice as they travel. 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


360 PART 3 © Business Information Systems 


Critical Thinking Questions 


1. Alipay is the electronic cash system developed by Alib- 
aba for Taobao.com and TMail.com, but it can generate 
revenues for Alibaba when Alipay is used for other 
purchases such as at restaurants, grocery stores, etc. 
Mastercard and Visa have recently passed the Chinese 
government’s regulations to be used in China, but those 
credit cards are mainly accepted at larger restaurants, 
hotels, and other travel industry establishments in 
larger areas. Small businesses and businesses in rural 
areas are unlikely to accept Mastercard and/or Visa. 

Would the increased use of Mastercard and/ 
or Visa at Taobao.com and TMall.com help or hurt 
Alibaba? Explain your answer. 

2. Chinese citizens made over 130 million trips overseas 
in 2017, and the numbers increase each year. 

How does Alibaba leverage its Fliggy e-commerce 
site to get profits from using Fliggy instead of an 
e-commerce Web site in the country being visited by 
the Chinese tourist? 


3. Review the “Overcoming Global Issues” section of 
this chapter and then visit the TMall.com e-commerce 
Web site. How does TMall deal with the six challenges 
listed in that section? 


SOURCES: Alibaba FAQ sheet, https:/Avww.alibabagroup.com/en/ 
aboul/faqs; Dan Blystone, “Understanding the Alibaba Business Model,” 
Investopedia, October 20, 2019, bttps:/jvww.investopedia.com/articles/ 
investing/0623 15/understanding-alibabas-business-model.asp; Lacy, 
Lisa, “Alibaba Rings Up $30.8 Billion on Singles Day 2018,” November 
11, 2018, bttps:;/Avww,finder.com/using-a-credit-card-in-china; Chen, 
Guang, Alex Dichter, Steve Saxon, Peimin Suo, and Jackey Yu, “Huanying 
to the New Chinese Traveler,” McKinsey & Company, November 2018, 
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Principles Learning Objectives 


e An organization must have e Identify the basic activities and business objectives common to all trans- 
information systems that action processing systems. 
support routine, day-to-day 
activities and that help a 
company add value to its 
products and services. 


e Describe the transaction processing systems associated with the order 
processing, purchasing, and accounting business functions. 


e An organization that imple- œ Identify the basic functions performed and the benefits derived from the 


ments an enterprise system implementation of an enterprise resource planning system, Customer 
is creating a highly inte- resource management, and product lifecycle management system. 
grated set of systems, which Describe the hosted software model for enterprise systems and explain 
ee es to many business why this approach is so appealing to SMEs. 

enefits. 


e Identify the challenges that organizations face in planning, building, and 
operating their enterprise systems. 


e Identify tips for avoiding many of the common causes for failed enter- 
prise system implementations. 


e An organization must have e Develop an understanding of how data from one function of the organi- 
access to data across all of zation can be used to make critical decisions in another. 
its corporate functions and 
enterprise systems to help 
drive decision making 


e Identify tools that can be used to analyze this data, and demonstrate an 
ability to find valuable relationships between data. 


dizain/Shutterstock.com 
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IS in Action 


Healthcare Rises to Enterprise Systems 


Æ SYSTEMS AND PROCESSES, APPLICATION 


Physician groups, hospitals, insurance companies, and other healthcare entities require 
systems that are integrated across the enterprise. These systems help healthcare organiza- 
tions deliver optimal care to their patients and improve research results that drive future 
innovation. These enterprise-level systems often support thousands of users and millions 
of patients, when and where they need it. To enable this level of collaboration and care, 
electronic health records (EHR) have been instituted with the help of enterprise-level 
systems. 

Barts Health NHS Trust, which is composed of four major hospital sites and a number 
of community locations, serves more than 2.5 million people in east London, performing 
more than 23 million tests per year in their network of labs. They have seen dramatic 
benefits by implementing enterprise level systems in both their Emergency Department 
and across their pathology network. Within the Emergency Department, they have stream- 
lined workflows using the FirstNet emergency medicine module from Cerner Millennium’s 
enterprise-level healthcare system. As with many emergency departments, Barts Health 
was experiencing problems with long wait times, resulting in a backlog of patients who 
needed immediate care. The registration process often entailed gathering information from 
multiple sources and entering it into multiple systems, slowing the process, increasing 
the chances of error, and inhibiting communication. With the implementation of FirstNet 
across all of Barts’ emergency locations, patients to the Emergency Department are now 
registered electronically, previous information about the patient is easily retrieved, and 
their EHR is immediately updated. Patient registration times have decreased from five to 
one minute, allowing doctors to see critically ill patients more quickly. Providers are able 
to make better decisions by having complete information from the patient’s history imme- 
diately available, when even seconds can make a difference. When the time savings and 
care improvements are considered over millions of emergency visits, the benefits are clear. 
Wait times for appointments, open beds, and lab tests have decreased as well, because 
resource availability is kept current and made available to users throughout the system. 
Appointment and follow-up documentation is also captured by the system to improve 
collaboration and coordination among providers for future care. 

For their pathology network, Barts migrated from three different lab systems used by 
their four primary hospital locations and many smaller community providers to WinPath 
Enterprise offered by CliniSys in 2016 and 2017. With more readily available and com- 
plete information, Barts has improved turnaround times for labs and reduced the risk 
of clinical errors, which both lead to healthier patients. The enterprise-level system also 
led to dramatic reductions in cost by removing duplicate processes, systems, and IT 
services. System stability was improved, with IT support calls within the network dropping 
74 percent. Barts’ now integrated pathology network, is able to connect effectively with 
other enterprise-level systems within the organization, such as the Cerner Millennium EHR. 
Now information that is critical for patient care and provider collaboration is available 
when and where it is needed throughout Barts’ different functions and departments. 


As you read about enterprise systems, consider the following: 


e What advantages do integrated enterprise systems offer an organization? 

e What factors should organizations consider when adopting enterprise systems to 
support their business processes and plan for the future? 
What tools can organizations use to analyze data and identify trends? 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


366 PART 3 © Business Information Systems 


E 
Why Learn About Enterprise Systems? 


Individuals and organizations today are moving from a collection of nonintegrated transaction processing 
systems to highly integrated enterprise systems that perform routine business processes and maintain 
records about them. These systems support a wide range of business activities associated with supply 
chain management, customer relationship management, and product lifecycle management. Although 
they were initially thought to be cost effective only for very large companies, small- and mid-sized com- 
panies are now implementing these systems to reduce costs, speed time to market, and improve service. 

In our service-oriented economy, outstanding customer service has become a goal of virtually all 
companies. To provide good customer service, employees who work directly with customers—whether in sales, 
customer service, or marketing—require high-quality and timely data to make good decisions. Such workers 
might use an enterprise system to check the inventory status of ordered items, view the production-planning 
schedule to tell a customer when an item will be in stock, or enter data to schedule a delivery. 

No matter what your role, it is very likely that you will provide input to or use the output from your 
organization’s enterprise systems. Your effective use of these systems will be essential to raise the pro- 
ductivity of your firm, improve customer service, and enable better decision making. Thus, it is important 
that you understand how these systems work and what their capabilities and limitations are. 


This chapter begins with an overview of the individual transaction processing 
systems that support the fundamental operations of many organizations. Their 
data collection and processing methods, objectives, and primary activities are 
covered. Then enterprise systems, collections of integrated information systems 
that share a common database, are discussed. Enterprise systems ensure that 
data can be shared across all business functions and all levels of management 
to support the operational and management decision making needed to run 
the organization. The basic functions and benefits of these systems as well as 
the challenges of successfully implementing them are discussed. 


Transaction Processing Systems (me | 


Many organizations employ transaction processing systems (TPSs), which cap- 
ture and process the detailed data necessary to update records about the 
fundamental business operations of the organization. These systems include 
order entry, inventory control, payroll, accounts payable, accounts receivable, 
and the general ledger, to name just a few. The input to these systems includes 
basic business transactions, such as customer orders, purchase orders, receipts, 
time cards, invoices, and customer payments. The processing activities include 
data collection, data editing, data correction, data processing, data storage, and 
document production. The result of processing business transactions is that the 
organization’s records are updated to reflect the status of the operation at the 
time of the last processed transaction. 

A TPS also provides valuable input to management information systems, deci- 
sion support systems, and knowledge management systems. Indeed, transaction 
processing systems serve as the foundation for these other systems. See Figure 10.1. 
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batch processing system: A 
form of data processing whereby 
business transactions are accumulated 
over a period of time and are 
processed as a single unit or batch. 


FIGURE 10.2 


Batch versus online 


transaction processing 

(a) Batch processing inputs and 
processes data in groups. (b) In 
online processing, transactions are 
processed as they occur. 
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Transaction processing systems support routine operations associated with 
business processes, such as customer ordering and billing, shipping, employee 
payroll, purchasing, and accounting. TPSs use a large amount of input and output 
data to update the official records of the company about orders, sales, custom- 
ers, and so on. TPSs, however, don’t provide much support for decision making. 

Because TPSs often perform activities related to customer sales and 
contacts—such as order processing and invoicing—these information systems 
play a critical role in providing value to the customer. Organizations have a 
wide range of options when selecting a TPS to meet their customer service 
support needs. For example, Zendesk is a help desk management software 
application that helps organizations strengthen customer relationships by sup- 
porting communication on multiple channels, including text, phone, email, 
and social media. Zendesk is used by more than 200,000 companies including 
Uber, Groupon, Box, Airbnb, and Disney.' Quickbooks from Intuit is a soft- 
ware application that provides transaction support for functions such as sales, 
billing, inventory, and payroll with more than 7 million customers globally. 


Traditional Transaction Processing Methods and Objectives 


With batch processing systems, business transactions are accumulated over 
a period of time and prepared for processing as a single unit or batch. See 
Figure 10.2a. Transactions are accumulated for as long as necessary to meet the 
needs of the users of that system. For example, it might be important to process 
invoices and customer payments for the accounts receivable system daily. On the 
other hand, the payroll system might process time cards biweekly to create checks, 
update employee earnings records, and distribute labor costs. The essential charac- 
teristic of a batch processing system is the delay between an event and the even- 
tual processing of the related transaction to update the organization’s records. For 
many applications, batch processing is an appropriate and cost-effective approach. 
Payroll transactions and billing are typically done via batch processing. 


Data entry 
of accumulated 
transactions 


Input (batched) 
(a) Batch Processing 


Terminal 


Terminal 


Immediate Central computer 
processing (processing) 
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online transaction processing 
(OLTP): A form of data processing 
where each transaction is processed 
immediately without the delay of 
accumulating transactions into a batch. 


Example of OLTP system 
PayPal uses an OLTP system 

to manage payments between 
merchants and consumers as well 
as between individual users.° 


Automatic Data Processing (ADP) is a major provider of business outsourc- 
ing solutions for payroll administration for more than 740,000 organizations 
worldwide. It uses a batch processing system to prepare the paychecks, pay- 
roll cards, and direct deposits of 40 million other workers around the world, 
including one out of six workers in the United States.’ 

With online transaction processing (OLTP) each transaction is processed 
immediately without the delay of accumulating transactions into a batch, as shown 
in Figure 10.2b. Consequently, at any time, the data in an online system reflects the 
current status. This type of processing is essential for businesses that require access 
to current data such as airlines, ticket agencies, and stock investment firms. Many 
companies find that OLTP helps them provide faster, more efficient service—one 
way to add value to their activities in the eyes of the customer. See Figure 10.3. 


Online payments giant PayPal Holdings, Inc. employs a massive OLTP 
system to process more than 9.9 billion payments annually through its Braintree, 
PayPal, Venmo, Xoom, and iZettle products. The payments between mer- 
chants and consumers—as well as between individual users—total more than 
$578 billion annually.‘ 

The specific business needs and goals of the organization define the method 
of transaction processing best suited for the various applications of the company. 
Increasingly, the need for current data for decision making is driving many orga- 
nizations to move from batch processing systems to online transaction processing 
systems when it is economically feasible. For example, the State of Wisconsin 
Department of Health Services (DHS) runs the Women, Infants, and Children 
(WIC) program. WIC’s goal is to support and sustain the health and well-being 
of nutritionally at-risk pregnant, breastfeeding, and postpartum women, as well 
as their infants and children. DHS employed a batch processing system to man- 
age this program and processed the WIC data in a batch at the end of the day. 
Required integration with Medicaid providers created a built-in delay in obtaining 
information needed for decision making and government reporting. DHS needs 
up-to-date data to avoid dual participation incidents, such as a client or caregiver 
receiving more WIC deposits than are allowed for one month or receiving WIC 
benefits and the Commodity Supplemental Food Program (CSFP) payments at the 
same time. DHS moved to an online transaction processing system to ensure that 
all data is now available on a real-time basis. The system is Web-based, and WIC 
staff needs only a Web browser and secure Internet access to work with the data.*° 
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Figure 10.4 shows the traditional flow of key pieces of information from 
one TPS to another for a typical manufacturing organization. When transactions 
entered into one system are processed, they create new transactions that flow 
into another system. 
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FIGURE 10.4 
Integration of a firm’s TPS 
When transactions entered into one system are processed, they create new transactions that flow into another 


system. 
Because of the importance of transaction processing, organizations expect 
their TPSs to accomplish a number of specific objectives, including the following: 

e Capture, process, and update databases of business data required to sup- 
port routine business activities 

e Ensure that the data is processed accurately and completely 

e Avoid processing fraudulent transactions 

e Produce timely user responses and reports 

e Reduce clerical and other labor requirements 

e Help improve customer service 

e Achieve competitive advantage 
A TPS typically includes the following types of systems: 

e Order processing systems. Running these systems efficiently and reli- 
ably is so critical that the order processing system is sometimes referred 
to as the lifeblood of the organization. The processing flow begins 
with the receipt of a customer order. The finished product inventory is 
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checked to see if sufficient inventory is on hand to fill the order. If suf- 
ficient inventory is available, the customer shipment is planned to meet 
the customer’s desired receipt date. A product pick list is printed at the 
warehouse from which the order is to be filled on the day the order is 
to be shipped. At the warehouse, workers gather the items needed to 
fill the order and enter the item identifier and quantity for each item to 
update the finished product inventory. When the order is complete and 
sent on its way, a customer invoice is created, with a copy included in 
the customer shipment. 

e Accounting systems. The accounting systems must track the flow of 
data related to all the cash flows that affect the organization. As men- 
tioned earlier, the order processing system generates an invoice for 
customer orders to include with the shipment. This information is also 
sent to the accounts receivable system to update the customer’s account. 
When the customer pays the invoice, the payment information is also 
used to update the customer’s account. The necessary accounting trans- 
actions are sent to the general ledger system, which tracks amounts 
owed from customers and amounts due to vendors. Similarly, as the pur- 
chasing systems generate purchase orders and those items are received, 
information is sent to the accounts payable system to manage the 
amounts owed by the company. Data about amounts owed and paid by 
customers to the company and from the company to vendors and oth- 
ers are sent to the general ledger system, which records and reports all 
financial transactions for the company. 

e Purchasing systems. The traditional transaction processing systems 
that support the purchasing business function include inventory control, 
purchase order processing, receiving, and accounts payable. Employ- 
ees place purchase order requests in response to shortages identified 
in inventory control reports. Purchase order information flows to the 
receiving system and accounts payable systems. A record is created upon 
receipt of the items ordered. When the invoice arrives from the supplier, 
it is matched to the original order and the receiving report, and a check 
is generated if all data is complete and consistent. 


In the past, organizations knitted together a hodgepodge of systems to 
accomplish the transaction processing activities shown in Figure 10.4. Some of 
the systems might have been applications developed using in-house resources, 
some may have been developed by outside contractors, and others may have been 
off-the-shelf software packages. Much customization and modification of this 
diverse software was typically necessary for all the applications to work together 
efficiently. In some cases, it was necessary to print data from one system and 
then manually reenter it into other systems. Of course, this increased the amount 
of effort required and increased the likelihood of processing delays and errors. 

The approach taken today by many organizations is to implement an inte- 
grated set of transaction processing systems—from a single or limited number 
of software vendors—that handle most, or all, of the transaction processing 
activities shown in Figure 10.4. The data flows automatically from one appli- 
cation to another with no delay or need to reenter data. For example, Lukas 
Nursery, a fourth-generation family-owned agri-business in central Florida, 
implemented a suite of software applications that it integrated into the garden 
center’s POS system. The nursery consolidated its systems (including several 
manual systems) into an integrated retail business management solution pro- 
vided by one vendor, allowing it to update its business practices, optimize sea- 
sonal inventory, manage a customer loyalty program, and make more informed. 
business decisions through the use of the software’s analytics capabilities.’ 

Table 10.1 summarizes some of the ways that companies can use transac- 
tion processing systems to achieve competitive advantage. 
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TABLE 10.1 Examples of TPSs yielding significant benefits 


Competitive Advantage Example 


Better relationship with suppliers 


Costs dramatically reduced 


Customer loyalty increased 


Inventory levels reduced 


Superior information gathering 


Superior service provided to 
customers 


Internet marketplace to allow the company to purchase products from suppliers 
at discounted prices 


Warehouse management system employing RFID technology to reduce labor 
hours and improve inventory accuracy 


Customer interaction system to monitor and track each customer interaction with 
the company 


Collaborative planning, forecasting, and replenishing system to ensure the right 
amount of inventory is in stores 


Order configuration system to ensure that products ordered will meet customer’s 
objectives 


Tracking systems that customers can access to determine shipping status 


Depending on the specific nature and goals of the organization, any one 
of the objectives in Table 10.1 might be more important than others. By meet- 
ing these objectives, TPSs can support corporate goals such as reducing costs; 
increasing productivity, quality, and customer satisfaction; and running more 
efficient and effective operations. 


Transaction Processing Systems for Entrepreneurs and Small- and 
Medium-Sized Enterprises 


Many software packages provide integrated transaction processing system 
solutions for small- and medium-sized enterprises (SMEs), wherein SME is a 
legally independent enterprise with no more than 500 employees. Integrated 
transaction processing systems for SMEs are typically easy to install and oper- 
ate and usually have a low total cost of ownership, with an initial cost of a 
few hundred to a few thousand dollars. Such solutions are highly attractive to 
firms that have outgrown their current software but cannot afford a complex, 
high-end integrated system solution. Table 10.2 presents some of the dozens 
of such software solutions available. 


TABLE 10.2 Sample of integrated TPS solutions for SMEs 


Vendor Software 

AccuFund  AccuFund 

OpenPro OpenPro 

Intuit QuickBooks 

Sage Sage 300 Construction 
and Real Estate 

Redwing TurningPoint 


Type of TPS Offered Target Customers 


Nonprofit, municipal, and 
government organizations 


Financial reporting and accounting 


Manufacturers, distributors, and 
retailers 


Complete ERP solution, including 
financials, supply chain management, 
e-commerce, customer relationship 
management, and retail POS system 


Financial reporting and accounting Manufacturers, professional 
services, contractors, nonprofits, 


and retailers 


Financial reporting, accounting, and 
operations 


Contractors, real estate developers, 
accountants, and residential builders 


Professional services, banks, and 
retailers 


Financial reporting and accounting 
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transaction processing 

cycle: The process of data 
collection, data editing, data correction, 
data processing, data storage, and 
document production. 


Transaction processing 
activities 

A transaction processing cycle 
includes data collection, data edit- 
ing, data correction, data process- 
ing, data storage, and document 
production. 


data collection: Capturing 
and gathering all data necessary 
to complete the processing of 
transactions. 


Sage is a provider of accounting, ERP, human resources, payroll, asset manage- 
ment, and payment systems software. Its Sage 300 Construction and Real Estate 
software provides an integrated set of applications specifically designed for custom- 
ers in the construction, property management, and real estate industries. Small- and 
medium-sized construction businesses can efficiently support their operations and 
easily access their financial data with Sage’s cloud-based project management tools.’ 

Echo Valley Irrigation is a golf course and sports field irrigation design and 
construction company founded in 1986. For years, Echo Valley utilized a patch- 
work of processes and technologies to run its business. As the company contin- 
ued to grow, however, its systems were not keeping up. Eventually, Echo Valley 
implemented the Sage 300 cloud-based software package, which provides the 
company with a range of automated accounting functions, like creating a job-level 
profit-and-loss analysis for more accurate bidding on new projects. Managers 
can quickly check status and make changes online in this cloud-based system.? 


Transaction Processing Activities 


Along with having common characteristics, all TPSs perform a common set of 
basic data-processing activities. TPSs capture and process data that describes 
fundamental business transactions. This data is used to update databases and to 
produce a variety of reports for people both within and outside the enterprise. 
The business data goes through a transaction processing cycle that includes 
data collection, data editing, data correction, data processing, data storage, and 
document production. See Figure 10.5. 


Original data 
Data 
collection 
Data 
editing 
Bad Good 
data data 
Data Data 
correction processing 


TPS 
reports 


Data Collection 


Capturing and gathering all data necessary to complete the processing of trans- 
actions is called data collection. In some cases, it can be done manually, such 
as by collecting handwritten sales orders or inventory update forms. In other 
cases, data collection is automated via special input devices such as scanners, 
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streaming: A form of data 
collection, where data is available 
through a continuous feed. 


source data automation: 
Capturing data at its source and 
recording it accurately in a timely 
fashion, with minimal manual effort 
and in an electronic or digital form so 
that it can be directly entered into the 
computer. 
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point-of-sale (POS) devices, and terminals. New technologies have enabled the 
continuous streaming of data and have dramatically sped up data collection, 
whether the data is being processed in batches or real-time. Streaming pro- 
vides a continuous stream of data that organizations can tap into and process, 
supporting faster decisions. Streaming is not appropriate to all situations; it 
depends on the objective. For instance, batch collection and processing may be 
a better choice if real-time analytics are not required. Streaming data collection 
is likely the best choice when organizations are using the data to become more 
agile, innovative, and responsive to threats. Usually it is best to use a combi- 
nation of collection and processing methods, choosing the methods that best 
meet the goals of the business.'° 

Data collection begins with a transaction (e.g., taking a customer order) 
and results in data that serves as input to the TPS. Data should be captured at 
its source and recorded accurately in a timely fashion, with minimal manual 
effort and in an electronic or digital form that can be directly entered into 
the computer. This approach is called source data automation. An example 
of source data automation is an automated device at a retail store that speeds 
the checkout process—either UPC codes read by a scanner or RFID signals 
picked up at the register. Using UPC bar codes or RFID tags is quicker and 
more accurate than having a clerk enter codes manually. The product ID for 
each item is determined automatically, and its price retrieved from the item 
database. The point-of-sale TPS uses the price data to determine the custom- 
er’s total. The store’s inventory and purchase databases record the number 
of units of an item purchased, along with the price and the date and time of 
the purchase. The inventory database generates a management report noti- 
fying the store manager to reorder items that have fallen below the reorder 
quantity. The detailed purchases database can be used by the store or sold 
to marketing research firms or manufacturers for detailed sales analysis. See 
Figure 10.6. 
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FIGURE 10.6 
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Point-of-sale transaction processing system 
A store’s inventory database and its database of purchases are both updated as part of the checkout process. 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


374 PART 3 © Business Information Systems 


data editing: Checking data for 
validity and completeness to detect 
any problems. 


data correction: Reentering 
data that was not typed or scanned 
properly. 


data processing: Performing 
calculations and other data 
transformations related to business 
transactions. 


data storage: Updating one or 
more databases with new transactions. 


Many grocery stores combine point-of-sale scanners and coupon printers. 
The systems are programmed so that each time a specific product—for example, 
a box of cereal—crosses a checkout scanner, an appropriate coupon, perhaps 
a milk coupon, is printed. Companies can pay to be promoted through the sys- 
tem, which is then programmed to print those companies’ coupons if the cus- 
tomer buys a competing brand. These TPSs help grocery stores increase profits 
by improving their repeat sales and bringing in revenue from other businesses. 

Many mobile POS (point-of-sale) systems operate on tablets, smartphones, 
or other touchscreen devices. Some mobile POS systems include marketing 
tools that SMEs can use to thank first-time customers and send automated 
emails to longtime customers who have not visited recently. 

Cloud-based POS systems provide a range of capabilities, including advanced 
integration with digital loyalty programs, various accounting tools, and the abil- 
ity to generate gift cards and coupons. Popular POS systems include Square, 
Shopify, and ShopKeep.'! The owners of The Creative Wedge, an artisan market 
that sells cheese and charcuterie along with craft beer and local wine, imple- 
mented a truly mobile POS system that allows them to sell product out of their 
store as well as at various local events, including farmer’s markets and festivals.’ 


Data Editing 


An important step in processing transaction data is to check data for validity 
and completeness to detect any problems, a task called data editing. For exam- 
ple, quantity and cost data must be numeric, and names must be alphabetic; 
otherwise, the data is not valid. Often, the codes associated with an individual 
transaction are edited against a database containing valid codes. If any code 
entered (or scanned) is not present in the database, the transaction is rejected. 


Data Correction 


It is not enough simply to reject invalid data. The system should also provide 
error messages that alert those responsible for editing the data. Error messages 
must specify the problem so proper corrections can be made. A data correction 
involves reentering data that was not typed or scanned properly. For example, 
a scanned UPC code must match a code in a master table of valid UPCs. If the 
code is misread or does not exist in the table, the checkout clerk is given an 
instruction to rescan the item or type the information manually. 


Data Processing 


Another major activity of a TPS is data processing, performing calculations 
and other data transformations related to business transactions. Data process- 
ing can include classifying data, sorting data into categories, performing cal- 
culations, summarizing results, and storing data in the organization’s database 
for further processing. In a payroll TPS, for example, data processing includes 
multiplying an employee’s hours worked by the hourly pay rate. Overtime 
pay, federal and state tax withholdings, and deductions are also calculated. 
In a doctor’s office, patient demographic data is entered and sent to various 
databases for use by the physician, billing department, referrals department, 
surgery scheduling, and so forth. 


Data Storage 


Data storage involves updating one or more databases with new transactions. 
After the database is updated, the data can be further processed by other 
systems so that it is available for management reporting and decision mak- 
ing. Thus, although transaction databases can be considered a by-product of 
transaction processing, they can significantly affect nearly all other information 
systems and decision-making processes within an organization. The speed at 
which information is available depends on the processing system being used. 
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Document Production 


document production: Document production involves generating output records, documents, and 

Generating output records, documents, reports. These can be hard-copy paper reports or displays on computer screens 

and reports. (sometimes referred to as soft copy). Printed paychecks, for example, are hard- 
copy documents produced by a payroll TPS, whereas an outstanding balance 
report for invoices might be an electronic report displayed by an accounts 
receivable TPS. Often, as shown earlier in Figure 10.6, results from one TPS 
flow downstream to become input to other systems, which might use the 
results of an inventory database update to create a stock exception report, a 
type of management report showing items with inventory levels below the 
specified reorder point. 

In addition to major documents such as checks and invoices, most TPSs 
provide other useful management information, such as printed or on-screen 
reports that help managers and employees perform various activities. A report 
showing current inventory is one example; another might be a document list- 
ing items ordered from a supplier to help a receiving clerk check the order 
for completeness when it arrives. A TPS can also produce reports required by 
local, state, and federal agencies, such as statements of tax withholding and 
quarterly income statements. 


Critical TPS Needed to Support Small Business 


Thinking = REAL-WORLD INTEGRATION, DECISION MAKING 
Exercise 


D5 Consulting is a small grant-writing business that was founded two years ago 
by Dion Davenport. Since then, Dion has performed a wide range of activities, 
including business development, grant writing, and invoicing. Because D5 began 
as a home-based business, with only a few clients, Dion has been generating sim- 
ple invoices using Microsoft Word. He then uses a manual process to follow up on 
invoices to ensure they are being paid in a timely manner. 

Over the last two years, however, D5 Consulting has grown significantly. The 
company now works with more than 50 clients on a variety of jobs ranging from 
small, simple projects to larger, more complex projects requiring multiple invoices. 
As the company grew, Dion found himself spending as much time creating and 
tracking down invoices as he did generating billable hours. As a result, he has 
been putting in very long hours to keep up with the work. D5 also now has sev- 
eral contractors doing work for the firm. Each contractor submits submit monthly 
invoices for their work, which means Dion has even more administrative tasks to 
keep track of. In the last several months, Dion has been late paying a few of the 
contractors because he has gotten behind processing their invoices or because 
he did not realize that they had not submitted their invoices in a timely manner. 

Dion is frustrated with the inefficiencies in the business and fears that it will 
either result in lower client satisfaction or him exiting the business due to the long 
work hours. 


Review Questions 

1. What functions would a TPS need to perform in order to alleviate the issues 
at D5 Consulting? 

2. How would these functions benefit D5 Consulting? 


Critical Thinking Questions 

What factors should Dion consider when selecting a TPS? 

1. What stakeholders should Dion consult with to determine the appropriate 
needs for a TPS? Why should he consult with those stakeholders, and how will 
that help alleviate his frustration? 
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enterprise system: A system 
central to the organization that 
ensures information can be shared 
with authorized users across all 
business functions and at all levels of 
management to support the running 
and managing of a business. 


An enterprise system is central to individuals and organizations of all sizes 
and ensures that information can be shared with authorized users across all 
business functions and at all levels of management to support the running 
and managing of a business. Enterprise systems employ a database of key 
operational and planning data that can be shared by all, eliminating the prob- 
lems of missing information and inconsistent information caused by multiple 
transaction processing systems that each support only one business function 
or one department in an organization. Examples of enterprise systems include 
enterprise resource planning systems that support supply chain processes, such 
as order processing, inventory management, and purchasing, and customer 
relationship management systems that support sales, marketing, and customer 
service-related processes. 

Businesses rely on enterprise systems to perform many of their daily activ- 
ities in areas such as product supply, distribution, sales, marketing, human 
resources, manufacturing, accounting, and taxation so that work can be per- 
formed quickly without waste or mistakes. Without such systems, recording 
and processing business transactions would consume huge amounts of an 
organization’s resources. This collection of processed transactions also forms 
a storehouse of data invaluable to decision making. The ultimate goal of such 
systems is to satisfy customers and provide significant benefits by reducing 
costs and improving service. 


Enterprise Resource Planning 


Enterprise resource planning (ERP) is a set of integrated programs that man- 
age a company’s vital business operations for an entire organization—even a 
complex, multisite, global organization. Recall that a business process is a set 
of coordinated and related activities that takes one or more types of input and 
creates an output of value to the customer of that process. The customer might 
be a traditional external business customer who buys goods or services from 
the firm. An example of such a process is capturing a sales order, which takes 
customer input and generates an order. The customer in a business process 
might also be an internal customer, such as an employee in another department 
of the firm. For example, the shipment process generates the internal docu- 
ments workers need in the warehouse and shipping departments to pick, pack, 
and ship orders. At the core of the ERP system is a database that is shared by 
all users so that all business functions have access to current and consistent 
data for operational decision making and planning, as shown in Figure 10.7. 


Production and supply 
chain management 


FIGURE 10.7 
Enterprise resource planning system 
An ERP integrates business processes and the ERP database. 
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ERP systems evolved from materials requirement planning (MRP) systems 
developed in the 1970s. These systems tied together the production planning, 
inventory control, and purchasing business functions for manufacturing organi- 
zations. During the late 1980s and early 1990s, many organizations recognized 
that their legacy TPSs lacked the integration needed to coordinate activities 
and share valuable information across all the business functions of the firm. 
As a result, costs were higher and customer service was poorer than desired. 
Large organizations, specifically members of the Fortune 1000, were the first 
to take on the challenge of implementing ERP. As they did, they uncovered 
many advantages as well as some disadvantages, which are summarized in the 
following sections. 


Advantages of ERP 


Increased global competition, new needs of executives for control over the 
total cost and product flow through their enterprises, and ever-more-numerous 
customer interactions drive the demand for enterprise-wide access to real-time 
information. ERP offers integrated software from a single vendor to help meet 
those needs. The primary benefits of implementing ERP include improved 
access to quality data for operational decision making, elimination of costly, 
inflexible legacy systems, improvement of work processes, and the opportu- 
nity to upgrade and standardize technology infrastructure. ERP vendors have 
also developed specialized systems that provide effective solutions for specific 
industries and market segments. 


Improved Access to Quality Data for Operational Decision Making 
ERP systems operate via an integrated database, using one set of data to sup- 
port all business functions. For example, the systems can support decisions on 
optimal sourcing or cost accounting for the entire enterprise or business units. 
With an ERP system, data is integrated from the start, eliminating the need to 
gather data from multiple business functions and/or reconcile data from more 
than one application. The result is an organization that looks seamless, not 
only to the outside world but also to the decision makers who are deploying 
resources within the organization. Data is integrated to facilitate operational 
decision making and allows companies to provide better customer service and 
support, strengthen customer and supplier relationships, and generate new 
business opportunities. To ensure that an ERP system contributes to improved 
decision making, the data used in an ERP system must be of high quality. 

Based in New York, Women’s World Banking is a global nonprofit focused 
on providing low-income women access to the financial tools and resources 
they need to build secure and prosperous lives. The organization works through 
a network of 49 institutions in 31 countries to create new financial products 
that must meet the needs of women in each of its markets while also being sus- 
tainable for its partner financial institutions.!’ Women’s World Banking needs 
access to detailed transaction information so it can maintain complete trans- 
parency into its balances by entity, donor, and grant—even down to the project 
level. To accomplish this, the organization previously utilized two stand-alone 
systems that often gave front and back office staff very different views of the 
organization’s key performance metrics, resulting in time-consuming data entry 
and reconciliation between the two systems. To streamline its operations, Wom- 
en’s World Banking implemented an ERP system that provides it with access to 
the data it needs to apply for new funding grants, quickly and accurately report 
on existing grants, and make decisions regarding investments in new business 
development opportunities. Since its ERP roll-out, the organization has cut hun- 
dreds of hours of accounts payable and grant-reporting time annually, reduced 
data entry by almost 15 hours per month, and gained greater visibility into its 
spending across multiple entities, grants, donors, and projects.4 
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Although having greater access to operational data is beneficial to an orga- 
nization, being able to analyze it in unique and interesting ways to derive 
insights can often be a challenge—particularly if the data exists in two separate 
enterprise systems. Consider the example of Salesforce, a cloud-based customer 
relationship management (CRM) application used by many Fortune 500 com- 
panies. Salesforce allows organizations to track the client experience in very 
flexible and robust ways, and one of its more valuable features is a function 
that allows client services staff, sales representatives, and even customers to 
submit requests for new products or product enhancements. This customer 
information in aggregate would be very useful to product management teams; 
however, in many companies, product management employees are not given 
licenses to use Salesforce, meaning they don’t have direct access to this infor- 
mation. In this scenario, product suggestions from customers are often only 
shared anecdotally between product development staff and members of the 
sales team—leading to a disconnect in what customers are asking for and what 
the product team is building.” 

Organizations are solving the problem of disconnected enterprise systems 
by using data visualization and (business intelligence) BI tools like Birst, Domo, 
and Tableau to create dashboard experiences that integrate data from multiple 
enterprise systems. Such a dashboard might show the top product requests from 
employees and customers in parallel with the product roadmap for the year to 
highlight any gaps that the product development team should be focusing on.!° 


Al Generated Insights and the Human-Machine 

Learning Partnership 

One of the benefits of artificial intelligence (AD and machine learning is the 
ability to identify unique patterns, correlations, and anomalies within a vast 
amount of diverse data. However, AI still lacks outside context on the impor- 
tance of those patterns, including an understanding of how an organization 
should act on that data. Organizations with an ERP and a centralized database 
have an opportunity to leverage AI to identify patterns, allowing decision mak- 
ers to act on significant data trends that might have otherwise gone unnoticed. 
Organizations that make effective use of machine learning in conjunction with 
enterprise software ensure that decision makers no longer need to spend the 
time to manually collect and prepare the data and developing an analysis to 
find interesting insights. 

Google as standard practice is always trying to learn more about what cus- 
tomers are saying about its products and services, including its popular Google 
Maps application. Google uses analytics techniques that automatically reveal 
insights from online consumer conversations (social media, blogs, forums, etc.) 
using machine learning to identify patterns in those conversations. From this 
data, Google found that people used Google Maps not only to get from point A 
to point B, but also to plan out running routes, track their distances, and high- 
light their fitness accomplishments by sharing screenshots of Google Maps on 
social media. Based on the knowledge gained through the use of this analytics 
data, Google made changes to the product functionality of Google Maps, mak- 
ing it easier for users to share on social media. The company also developed a 
marketing strategy to take advantage of this new use of its product. 


Elimination of Costly, Inflexible Legacy Systems 

Adoption of an ERP system enables an organization to eliminate dozens or even 
hundreds of separate systems and replace them with a single integrated set of 
applications for the entire enterprise. In many cases, these systems are decades 
old, the original developers are long gone, and the systems are poorly docu- 
mented. As a result, the systems are extremely difficult to fix when they break, 
and adapting them to meet new business needs takes too long. They become an 
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anchor around the organization that keeps it from moving ahead and remaining 
competitive. An ERP system helps match the capabilities of an organization’s 
information systems to its business needs—even as these needs evolve. 
Steinwall Scientific is a Minnesota-based precision thermoplastic injection 
molder specializing in manufacturing plastic parts using engineering-grade res- 
ins. The company has been in business for more than 45 years, and for much of 
that time, most aspects of the company’s business were managed using an out- 
dated proprietary DOS operating system that had been originally programmed 
by the company’s president as a simple inventory management program. In 
addition to its internally developed system, Steinwall was also using a separate 
IBM accounting software program. However, the company’s two main systems 
were unable to communicate with each other, creating ongoing data-entry 
errors and significant manufacturing bottlenecks as the company worked to 
take on new clients. Ultimately, Steinwall made the choice to upgrade its system 
to an integrated manufacturing ERP system. Over the course of six months, 
Steinwall gradually moved all of its processing tasks, along with all of its data, 
to the new system. Among the many benefits that Steinwall has experienced 
after moving all of its business functions to its new ERP system are improved 
inventory control accuracy; enhanced warehouse management; and procedural 
and culture changes resulting in a greater efficiency across all its departments." 


Improvement of Work Processes 


Competition requires companies to structure their business processes to be as 
effective and customer oriented as possible. To further that goal, ERP vendors 
do considerable research to define the best business processes. They gather 
requirements of leading organizations within the same industry and combine 
them with findings from research institutions and consultants. The individual 
application modules included in the ERP system are then designed to support 

best practices: The most efficient these best practices, the most efficient and effective ways to complete a busi- 

and effective ways to complete a ness process. Thus, implementation of an ERP system ensures work processes 

business: process: will be based on industry best practices. For example, for managing customer 
payments, the ERP system’s finance module can be configured to reflect the 
most efficient practices of leading companies in an industry. This increased 
efficiency ensures that everyday business operations follow the optimal chain 
of activities, with all users supplied the information and tools they need to 
complete each step. 

Prime Meats has been providing high-quality, aged steaks to steakhouses and 
other restaurants around the country for more than 25 years. The Atlanta-based 
company now also offers its USDA Prime and Choice quality steaks directly to 
consumers through its e-commerce Web site. When Prime Meats first launched 
its Web site, the company found success with its new business model, but it 
also found challenges as its existing systems were unable to keep up with the 
company’s growth. To overcome these challenges, Prime Meats implemented 
an ERP system, SAP Business One, that offered the company flexible, fully inte- 
grated end-to-end business and accounting software along with prepackaged 
industry best practice functionality for handling the specific pricing, packaging, 
and delivery requirements of an online meat business.’* 


Opportunity to Upgrade and Standardize Technology Infrastructure 
When implementing an ERP system, an organization has an opportunity to 
upgrade the information technology (such as hardware, operating systems, and 
databases) that it uses. While centralizing and formalizing these decisions, the 
organization can eliminate the hodgepodge of multiple hardware platforms, 
operating systems, and databases it is currently using—most likely from a 
variety of vendors. Standardizing on fewer technologies and vendors reduces 
ongoing maintenance and support costs as well as the training load for those 
who must support the infrastructure. 
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Whirlpool is the world’s leading manufacturer of home appliances, with 
$21 billion in sales and over 92,000 employees who work at 65 different man- 
ufacturing and technology research centers.’? While the company has utilized 
a collection of ERP systems across its global operations for years, the com- 
pany ultimately decided it need to undertake a complete overhaul of its ERP 
entire infrastructure, with the goal of creating a new operational backbone 
to support the company’s growth for the next decade. As Whirlpool imple- 
mented next-generation SAP ERP software, the company also updated its ERP 
infrastructure to a hybrid cloud system hosted by IBM. As part of the project, 
Whirlpool’s IT team spent time cleaning up duplicate and inaccurate data, a 
result of years of cumulative and regionalized ERP system customizations.” 


Leading ERP Systems 


ERP systems are commonly used in manufacturing companies, colleges and 
universities, professional service organizations, retailers, and healthcare orga- 
nizations. The business needs for each of these types of organizations varies 
greatly. In addition, the needs of a large multinational organization are far dif- 
ferent from the needs of a small, local organization. Thus, no one ERP software 
solution from a single vendor is “best” for all organizations. For example, MIE 
Trak PRO, which is designed for manufacturers, allows companies to manage 
the entire production cycle, with the ability to customize the elements. Plus & 
Minus is an integrated ERP focusing on a single-file system, which would suit 
a smaller organization.” See Figure 10.8. 
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FIGURE 10.8 
ERP software 
Mie Trak PRO ERP software focuses on manufacturing businesses. 


Large organizations were the leaders in adopting ERP systems as only they 
could afford the associated large hardware and software costs and dedicate 
sufficient people resources to the implementation and support of these sys- 
tems. Many large company implementations occurred in the early 2000s and 
involved installing the ERP software on the organizations’ large mainframe 
computers. In many cases, this required upgrading the hardware at a cost of 
millions of dollars. 

Smaller organizations moved to ERP systems about 10 years after larger 
organizations did. The smaller firms simply could not afford the investment 
required in hardware, software, and people to implement and support ERP. 
However, ERP software vendors gradually created new ERP solutions with 
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much lower start-up costs and faster, easier implementations. Some ERP ven- 
dors introduced cloud-based solutions, which further reduced the start-up costs 
by eliminating the need to purchase expensive ERP software and make major 
hardware upgrades. Instead, with a cloud-based solution, organizations can 
subscribe to the software and run it on the cloud-based hardware. Plex, Net- 
Suite, and Sage Intacct are three of the many cloud-based ERP solutions that 
enable users to access an ERP application using a Web browser and avoid 
paying for and maintaining expensive hardware. 

As an alternative, many organizations elect to implement open-source ERP 
systems from vendors such as Compiere.”” With open-source software, organi- 
zations can see and modify the source code to customize it to meet their needs. 
Such systems are much less costly to acquire and are relatively easy to modify 
to meet business needs. 

Organizations frequently need to customize the vendor’s ERP software to 
integrate other business systems, to add data fields or change field sizes, or to 
meet regulatory requirements. A wide range of software service organizations 
can perform the system development and maintenance. 


Supply Chain Management (SCM) 


An organization can use an ERP system within a manufacturing organization to 
support what is known as supply chain management (SCM), which includes 
planning, executing, and controlling all activities involved in raw material 
sourcing and procurement, conversion of raw materials to finished products, 
and the warehousing and delivery of finished product to customers. The goal 
of SCM is to decrease costs and improve customer service, while at the same 
time reducing the overall investment in inventory in the supply chain. 

Another way to think about SCM is that it involves managing materials, 
information, and finances as they move from supplier to manufacturer to 
wholesaler to retailer to consumer. The materials flow includes the inbound 
movement of raw materials from supplier to manufacturer as well as the 
outbound movement of finished product from manufacturer to wholesaler, 
retailer, and customer. The information flow involves capturing and transmit- 
ting orders and invoices among suppliers, manufacturers, wholesalers, retail- 
ers, and customers. The financial flow consists of payment transactions among 
suppliers, manufacturers, wholesalers, retailers, customers, and their financial 
institutions. 

Manufacturing ERP systems follow a systematic process for developing a 
production plan that draws on the information available in the ERP system 
database. 

The process starts with sales forecasting to develop an estimate of future 
customer demand. This initial forecast is at a fairly high level, with estimates 
made by product group rather than by each product item. The sales forecast 
extends for months into the future; it might be developed using an ERP soft- 
ware module or produced by other means, using specialized software and tech- 
niques. Many organizations are moving to a collaborative process with major 
customers to plan future inventory levels and production rather than relying 
on an internally generated sales forecast. 

The sales and operations plan (SGOP) takes demand and current inven- 
tory levels into account and determines the specific product items that 
need to be produced as well as when to meet the forecast future demand. 
Production capacity and any seasonal variability in demand must also be 
considered. 

Demand management refines the production plan by determining the 
amount of weekly or daily production needed to meet the demand for indi- 
vidual products. The output of the demand management process is the master 
production schedule, which is a production plan for all finished goods. 
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Detailed scheduling uses the production plan defined by the demand 
management process to develop a detailed production schedule that specifies 
production scheduling details such as which item to produce first and when 
production should be switched from one item to another. A key decision is 
how long to make the production runs for each product. Longer production 
runs reduce the number of machine setups required, thus reducing production 
costs. Shorter production runs generate less finished product inventory and 
reduce inventory holding costs. 

Materials requirement planning (MRP) determines the amount and timing 
for placing raw material orders with suppliers. The types and amounts of raw 
materials required to support the planned production schedule are determined 
by the existing raw material inventory and the bill of materials (BOM), which 
serves as a recipe of ingredients needed to make each item. The quantity of 
raw materials to order also depends on the lead time and lot sizing. Lead time 
is the amount of time it takes from the placement of a purchase order until 
the raw materials arrive at the production facility. Lot size refers to the discrete 
quantities that the supplier will ship, which can result in purchasing complex- 
ities if those amounts don’t line up with quantities that are economical for the 
manufacturer to receive or store. For example, a supplier might ship a certain 
raw material in units of 80,000-pound rail cars. The producer might need 
95,000 pounds of the raw material. A decision must be made to order one or 
two rail cars of the raw material. 

Purchasing uses the information from MRP to place purchase orders for 
raw materials with qualified suppliers. Typically, purchase orders are released 
so that raw materials arrive just in time to be used in production and to min- 
imize warehouse and storage costs. Often, producers will allow suppliers to 
tap into data via an extranet that enables them to determine what raw mate- 
rials the producer needs, minimizing the effort and lead time to place and fill 
purchase orders. 

Production uses the high-level production schedule to plan the details of 
running and staffing the production operation. This more detailed schedule 
takes into account employee, equipment, and raw material availability, along 
with detailed customer demand data. 

Sales ordering is the set of activities that must be performed to capture a 
customer sales order. Essential sales order steps include recording the items 
to be purchased, setting the sales price, recording the order quantity, deter- 
mining the total cost of the order including delivery costs, and confirming the 
customer’s available credit. If the item(s) the customer wants to order are out 
of stock, the sales order process should communicate this fact and suggest 
other items to substitute for the customer’s initial choice. Setting sales prices 
can be quite complicated and can include quantity discounts, promotions, 
and incentives. After the total cost of the order is determined, a company 
must check the customer’s available credit to see if this order is within the 
credit limit. 

ERP systems do not work directly with manufacturing machines on the 
production floor, so they need a way to capture information about what was 
produced. This data must be passed to the ERP accounting modules to keep an 
accurate count of finished product inventory. Many companies have computers 
on the production floor, which are used to track the number of cases of each 
product item produced, typically by having a worker scan a barcode, QR code, 
or similar standard identifier on the packing cases used to ship the material. 
Other approaches for capturing production quantities include using RFID chips 
and manually entering the data. 

Separately, production quality data can be added based on the results of 
quality tests run on a sample of the product for each batch of product pro- 
duced. Typically, this data includes the batch identification number, which 
identifies the production run and the results of various product quality tests. 
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Accurate predictions are crucial for the planning required to profitably 
manage the complex operations of a manufacturing plant. One heavy machin- 
ery manufacturer, however, recently found that its product demand forecasting 
had an accuracy variance of plus or minus 20 percent—well outside the accept- 
able control limits set by the company. Evalueserve, a provider of research, ana- 
lytics, and data management services, worked with the manufacturing company 
to develop algorithms that analyzed key sales and macroeconomic variables 
to identify the primary drivers for production and demand for the company’s 
products. The variables evaluated included current and historical sales, GDP 
per capita, housing starts, construction indices, warranty claims, and dealer 
density—among others. Using this new data model, the manufacturer was able 
to bring the forecasting variance down to plus or minus four percent, resulting 
in a more efficient supply chain with fewer lost sales opportunities along with 
lower overall inventory levels.” 


Customer Relationship Management 


A customer relationship management (CRM) system helps a company man- 
age all aspects of customer encounters, including marketing, sales, distribution, 
accounting, and customer service. See Figure 10.9. Think of a CRM system as 
an address book with a historical record of all the organization’s interactions 
with each customer. The goal of CRM is to understand and anticipate the needs 
of current and potential customers to increase customer retention and loyalty 
while optimizing the way that products and services are sold. CRM is used 
primarily by people in the sales, marketing, distribution, accounting, and ser- 
vice organizations to capture and view data about customers and to improve 
communications. Businesses implementing CRM systems often report benefits 
such as improved customer satisfaction, increased customer retention, reduced 
operating costs, and the ability to meet customer demand. 


Means of communication 
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CRM software automates and integrates the functions of sales, marketing, 
and service in an organization. The objective is to capture data about every 
contact a company has with a customer through every channel and to store it 
in the CRM system so that the company can truly understand customer actions. 
CRM software helps an organization build a database about its customers that 
describes relationships in sufficient detail so that management, salespeople, 
customer service providers, and even customers can access information to 
match customer needs with product plans and offerings, remind them of service 
requirements, and report on the other products the customers have purchased. 

Small, medium, and large organizations in a wide variety of industries choose 
to implement CRM for many reasons, depending on their needs. Expensify is a 
financial services firm that provides online expense-management services for cus- 
tomers around the world. The company has grown quickly since it was founded 
in San Francisco in 2008, and it recently opened a London office to support its 
expansion into the European market. As a start-up, Expensify’s initial attempts at 
CRM were built around an Excel spreadsheet. Before long, the company shifted to 
Google Apps’ CRM tools, but soon found those could not handle its increasing vol- 
ume of customer data. Eventually, the company implemented a customizable CRM 
system, Apollo, that provides all the tools Expensify’s sales and customers service 
teams require—without the need to manage and coordinate workflows in other 
systems. Expensify’s top priorities for the CRM system included automated and 
customizable lead-prioritization tools, the ability to track all sales communication 
within one system, and the ability to generate in-depth reports to identify areas 
of opportunity within a geographic region as well as for individual salespeople.” 

The key features of a CRM system include the following: 


e Contact management. The ability to track data on individual customers 
and sales leads and then access that data from any part of the organization. 

e Sales management. The ability to organize data about customers and 
sales leads and then to prioritize the potential sales opportunities and 
identify appropriate next steps. 

e Customer support. The ability to support customer service representa- 
tives so that they can quickly, thoroughly, and appropriately address cus- 
tomer requests and resolve customer issues while collecting and storing 
data about those interactions. 

e Marketing automation. The ability to capture and analyze all customer 
interactions, generate appropriate responses, and gather data to create 
and build effective and efficient marketing campaigns. 

e Analysis. The ability to analyze customer data to identify ways to 
increase revenue and decrease costs, identify the firm’s “best customers,” 
and determine how to retain and find more of them. 

e Social networking. The ability to create and join sites such as Facebook 
and Instagram, where the company can make contacts with potential 
customers. 

e Access by mobile devices. The ability to access Web-based customer 
relationship management software by smartphones, tablets, and other 
mobile devices. 

e Import contact data. The ability for users to import contact data from 
various data service providers that can be downloaded for free directly 
into the CRM application. 


The focus of CRM involves much more than installing new software. Mov- 
ing from a culture of simply selling products to placing the customer first is 
essential to a successful CRM deployment. Before any software is loaded onto 
a computer, a company must retrain employees. Who handles customer issues 
and when must be clearly defined, and computer systems need to be integrated 
so that all pertinent information is available immediately, whether a customer 
calls a sales representative or a customer service representative. 
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Nu Skin Enterprises is a $2 billion direct sales organization that develops 
and distributes nutritional supplements and personal care products through a 
network of more than 73,000 independent sales distributors. The company’s call 
center agents are the key point of contact between the company and its custom- 
ers and distributors; however, rapid turnover of call center staff and three dis- 
connected customer contact tools meant that many customers became quickly 
frustrated during their interactions with the company. A solution to Nu Skin’s 
customer service challenges came in the form of a CRM system from SAP, which 
was integrated with the company’s existing SAP ERP system to provide agents 
immediate access to customer sales histories. Nu Skin call center employees 
now use social media and technology to recruit and manage customers. With a 
recent move of the technology core to the cloud, Nu Skin Enterprises anticipates 
an increase in speed and capacity, offering improved flexibility for customers.” 

Table 10.3 lists a few highly rated CRM systems.” 


TABLE 10.3 Highly rated CRM systems 


Vendor/Product Select Customers Pricing Starts at 

Zoho CRM Amazon $12-$35 per user/month 
Netflix 

Apptivo CRM Idea Helix $8-$20 per user/month 
OnTrack Rewards 

HubSpot CRM Nectafy Basic—free 
Stafford Global Extras—additional $6-$100 per 

user/month 

Freshsales CRM Ikohaha.com $12-$79 per user/month 
Offset Solar 

Insightly CRM Global Presence Alliance $29-$99 per user/month 
Discount 

Pipedrive CRM Eye Hospital Denmark $12-$49 per user/month 
Canine Protection 
International 

Salesforce Sales Dell $25 per user/month 

Cloud Dr. Pepper Snapple 


Due to the popularity of mobile devices, shoppers can easily compare prod- 
ucts and prices on their mobile phones and instantly tweet their experiences 
with a brand to dozens of friends. Savvy retailers today use their CRM systems 
to stay on top of what these customers are saying on social networks. BART, 
the well-known San Francisco Bay area transit system, serves over 420,000 
riders a day. Disruptions on BART, especially at rush hour, can ripple through 
the entire community very quickly. Customer fares constitute the majority of 
BART’s funding, so responding quickly to incidents and managing customer 
expectations is critical not only to the community but to the financial stability 
of the transit line. They implemented a customer engagement platform using 
Salesforce’s CRM social module: Social Studio. By using the features of Social 
Studio, they have been able to respond more quickly to issues and be more 
transparent with their customers. BART also analyzes the social data collected 
to support decisions in areas like parking and upgrades. 


Product Lifecycle Management (PLM) 


Product lifecycle management (PLM) is an enterprise business strategy that 
creates a common repository of product information and processes to support 
the collaborative creation, management, dissemination, and use of product and 
packaging definition information. 
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product lifecycle management 
(PLM) software: Software that 
provides a means for managing 

the data and processes associated 
with the various phases of the 
product lifecycle, including sales and 
marketing, research and development, 
concept development, product design, 
prototyping and testing, process 
design, production and assembly, 
delivery and product installation, 
service and support, and product 
retirement and replacement. 


computer-aided design 
(CAD): The use of software to 
assist in the creation, analysis, 
and modification of the design of a 
component or product. 


computer-aided engineering 
(CAE): The use of software 

to analyze the robustness and 
performance of components and 
assemblies. 


Product lifecycle management (PLM) software provides a means for man- 
aging the data and processes associated with the various phases of the product 
lifecycle, including sales and marketing, research and development, concept devel- 
opment, product design, prototyping and testing, manufacturing process design, 
production and assembly, delivery and product installation, service and support, 
and product retirement and replacement. See Figure 10.10. As products advance 
through these stages, product data is generated and distributed to various groups 
both within and outside the manufacturing firm. This data includes design and 
process documents, bill of material definitions, product attributes, product for- 
mulations, and documents needed for FDA and environmental compliance. PLM 
software provides support for the key functions of configuration management, 
document management, engineering change management, release management, 
and collaboration with suppliers and original equipment manufacturers (OEMs). 
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FIGURE 10.10 
Scope of PLM software 
Using PLM software, organizations can manage the data and processes associated with the 
various phases of the product lifecycle. 


The scope of PLM software may include computer-aided design, computer- 
aided engineering, and computer-aided manufacturing. Computer-aided 
design (CAD) is the use of software to assist in the creation, analysis, and 
modification of the design of a component or product. Its use can increase the 
productivity of the designer, improve the quality of design, and create a data- 
base that describes the item. This data can be shared with others or used in the 
machining of the part or in other manufacturing operations. Computer-aided 
engineering (CAE) is the use of software to analyze the robustness and 
performance of components and assemblies. CAE software supports the 
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computer-aided manufacturing 
(CAM): The use of software to control 
machine tools and related machinery 
in the manufacture of components and 
products. 


CAD, CAE, and CAM software 
In manufacturing, the model 
generated in CAD and verified 

in CAE can be entered into CAM 
software, which then controls the 
machine tool. 


FIGURE 10.12 
PLM business strategy 
PLM powers innovation and 
improves productivity. 
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simulation, validation, and optimization of products and manufacturing tools. 
CAE is extremely useful to design teams in evaluating and decision making. 
Computer-aided manufacturing (CAM) is the use of software to control 
machine tools and related machinery in the manufacture of components and 
products. The model generated in CAD and verified in CAE can be input into 
CAM software, which then controls the machine tool. See Figure 10.11. 
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Some organizations elect to implement a single, integrated PLM system that 
encompasses all the phases of the product lifecycle with which it is most concerned. 
Other organizations implement multiple, separate PLM software components from 
different vendors over time. This piecemeal approach enables an organization to 
choose the software that best meets it needs for a particular phase in the product 
lifecycle. It also allows for incremental investment in the PLM strategy. However, it 
may be difficult to link all the various components together in such a manner that 
a single comprehensive database of product and process data is created. 

Use of an effective PLM system enables global organizations to work as a 
single team to design, produce, support, and retire products, while capturing 
best practices and lessons learned along the way.” PLM powers innovation 
and improves productivity by connecting people across global product devel- 
opment and manufacturing organizations with the product and process knowl- 
edge they need to succeed. See Figure 10.12. 
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discrete manufacturing: The 
production of distinct items such as 
autos, airplanes, furniture, or toys that 
can be decomposed into their basic 
components. 


process manufacturing: The 
production of products—such as 

soda, laundry detergent, gasoline, and 
pharmaceutical drugs—that are the 
result of a chemical process; these 
products cannot be easily decomposed 
into their basic components. 


PLM software and its data are used by both internal and external users. 
Internal users include engineering, operations and manufacturing, procure- 
ment and sourcing, manufacturing, marketing, quality assurance, customer 
service, regulatory, and others. External users include the manufacturer’s 
design partners, packaging suppliers, raw material suppliers, and contract 
manufacturers. These users must collaborate to define, maintain, update, 
and securely share product information throughout the lifecycle of the 
product. Frequently, these external users are asked to sign nondisclosure 
agreements to reduce the risk of proprietary information being shared with 
competitors. 

Based in Fort Collins, Colorado, Water Pik develops and sells a variety of 
personal and oral healthcare products under the Water Pik brand. The com- 
pany prides itself on innovation and since its founding in 1962, Water Pik has 
acquired more than 500 patents. Over time, the company’s approach to man- 
aging its product information through traditional directory structures on file 
systems was resulting in an increasing number of inefficiencies in Water Pik’s 
development and manufacturing processes. To better manage its CAD product 
data, Water Pik chose to implement ProductCenter PLM software. The com- 
pany now uses the software to manage product information—which is secured 
through permissions—for three of its four main product lines. Water Pik also 
uses the software to manage all of its business processes, which are automati- 
cally set to expire every two years, triggering a review and update process that 
helps the company ensure that its procedures are current and compliant with 
various industry standards.” 

Table 10.4 presents a list of some popular PLM software products.” 


TABLE 10.4 Popular PLM software products 


Primary PLM 

Organization Software Product Technology Model Select Customers 

Infor PLM Optiva On-premise solution Henkel, Sypris 

PTC Windchill SaaS solution Medco Equipment, 
InterCcomm 

SAP PLM On-premise solution Porsche, 
Anadarko 
Petroleum 

Siemens Teamcenter PLM On-premise solution Procter & Gamble, 
BAE Systems 


PLM software is created for two broad categories of manufacturing: discrete 
manufacturing and process manufacturing. Discrete manufacturing is the 
production of distinct items such as autos, airplanes, furniture, or toys that can 
be decomposed back into their basic components. Process manufacturing is 
the production of products—such as soda, laundry detergent, gasoline, and 
pharmaceutical drugs—that are the result of a chemical process; these prod- 
ucts cannot be easily decomposed back into their basic components. Within 
these two broad categories, PLM software manufacturers specialize in specific 
industries such as aircraft manufacturing, consumer goods manufacturing, or 
drug manufacturing. 

Table 10.5 outlines the benefits a business can realize when using a PLM 
system effectively. 
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TABLE 10.5 Benefits of a PLM system 


Benefit How Achieved 


Reduce time to market s 
e 
Reduce costs z 
e 
e 


Ensure regulatory compliance ® 


By connecting design, research and development, procurement, manufacturing, 
and customer service seamlessly through a flexible collaboration environment 
By improving collaboration among the organization and its suppliers, contract 
manufacturers, and OEMs 


By reducing prototyping costs through the use of software simulation 
By reducing scrap and rework through improved processes 
By reducing the number of product components through standardization 


By providing a secure repository, tracking and audit trails, change and document 
management controls, workflow and communications, and improved security 


An example of benefits a business can receive comes from Electrolux, a 
large manufacturer of commercial and consumer appliances, based in Sweden. 
They have 58,000 employees spread across 46 production sites. Brands they 
manufacture include AEG, Westinghouse, and Frigidaire. In a move towards fur- 
ther digitization of the product development lifecycle, Electrolux began review- 
ing PLM solutions in 2010. They chose Siemens PLM software, Teamcenter, and 
began rollout in 2012. They added 3-D layout simulation modules starting with 
a pilot in 2016, enabling them to create low cost simulations for various pro- 
duction scenarios and test for feasibility. This technology dramatically decreases 
the costs and time required to develop and deploy process innovations. Since 
then, they have been rolling out additional phases worldwide.*° 


Through their efforts, Electrolux has saved over $2 million by fine-tuning 
their production lines, and is succeeding in their goals to ‘create glob- 
ally uniform production facilities and assembly processes’ and ‘achieve 
higher efficiency in the assembly process and material flow’. They have also 
decreased errors and delays in production and in building new plants.*! 


Software Product Planning and Development 


Much of the PLM software discussed in this chapter is used extensively in the 
manufacturing industry; however, software companies also make use of PLM 
software to streamline their product planning and development efforts. For 
instance, enterprise solutions such as JIRA, Asana, and Aha! are three such tools 
used by engineering and product teams to document and manage the tasks 
necessary for building and delivering their products to market. They are used 
to support both agile and waterfall software development methodologies. Agile 
is a very iterative process of defining and managing the completion of product 
requirements. The waterfall approach is a process that requires all the detail 
and requirements up front prior to beginning the build. 

Nevertheless, the challenges and benefits are still consistent with that of 
physical product development and manufacturing. The greatest value being 
that systems like JIRA and Asana provide a robust way for engineers, product 
managers, and the executive team to monitor the product roadmap and manage 
associated development tasks. 


Overcoming Challenges in Implementing Enterprise Systems 


Implementing an enterprise system, particularly for a large organization, is 
extremely challenging and requires tremendous amounts of resources, the best 
IS and businesspeople, and plenty of management support. In spite of all this, 
many enterprise system implementations fail, and problems with an enterprise 
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system implementation can require expensive solutions. The following is a 
sample of major enterprise system implementation project failures: 


e Failed technology implementation by SAPs R/3 ERP software caused 
major problems for Hershey. The supply chain process caused Hershey 
to miss delivering $100 million worth of Kisses for Halloween, causing 
the stock to dip 8 percent.*? 

e MillerCoors, a global beverage company, decided to replace the seven dif- 
ferent instances of their SAP ERP systems with one consolidating instance 
in 2014, after years of industry consolidation. They hired an IT services 
firm to roll out the new system. The implementation did not go smoothly. 
The first phase resulted in 8 “critical” defects and 47 high-severity ones. 
By early 2017, MillerCoors was suing the consulting company for $100 
million. The consulting company counter-sued saying that MillerCoors was 
to blame for the delay and problem with the project. They settled the case 
at the end of 2018 after a long “negotiation process” in the court system. 

e Revlon, the famous cosmetics manufacturer, was in need of an enterprise- 
wide system after the acquisition of Elizabeth Arden, Inc. They decided 
on the SAP HANA option at the end of 2016. The disastrous rollout cost 
Revlon millions of dollars in lost sales, which they blamed on the lack of 
effective implementation controls. The situation eventually led to a steep 
decline in stock value and a suit brought on by Revlon’s own stockholders. 


Twenty-one percent of ERP implementations worldwide evaluated by 
Panorama, an ERP consulting firm, were judged to be failures. Table 10.6 lists 
and describes the most significant challenges to successful implementation of 
an enterprise system.” 


TABLE 10.6 Challenges to successful enterprise system implementation 


Challenge Description 


Cost and disruption of upgrades Most companies have other systems that must be integrated with the enterprise 
system, such as financial analysis programs, e-commerce operations, and other 
applications that communicate with suppliers, customers, distributors, and other 
business partners. Integration of multiple systems adds time and complexity to an 
ERP implementation. 


Cost and long implementation The average ERP implementation cost in the millions with an average project 
lead time duration of over a year. 
Difficulty in managing change Companies often must radically change how they operate to conform to the 


enterprise work processes. These changes can be so drastic to longtime employees 
that they depart rather than adapt to the change, leaving the firm short of 
experienced workers. 


Management of software The base enterprise system may need to be modified to meet mandatory business 

customization requirements. System customizations can become extremely expensive and further 
delay implementation. 

User frustration with the new Effective use of an enterprise system requires changes in work processes and in 

system the details of how work gets done. Many users initially balk at these changes and 


require extensive training and encouragement. 


The following list provides tips for avoiding many common causes for 
failed enterprise system implementations: 


e Assign a full-time executive to manage the project. 

e Appoint an experienced, independent resource to provide project 
oversight and to verify and validate system performance. 

e Allow sufficient time to transition from the old way of doing things to 
the new system and new processes. 
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e Allocate sufficient time and money for training staff; many project man- 
agers recommend budgeting 30-60 days per employee for training. 

e Define metrics to assess project progress and to identify project-related risks. 

e Keep the scope of the project well defined and contained to essential 
business processes. 

e Be wary of modifying the enterprise system software to conform to your 
firm’s business practices. 

e Focus on documenting existing workflows before implementing and 
working directly with key stakeholders, so they understand and buy into 
the changes that will ultimately be implemented. 

e Keep in mind that the best systems require little change to existing workflow 
as it relates to user input/effort while eliminating the biggest pain points. 


Hosted Software Model for Enterprise Software 


Many business application software vendors have migrated much of their offer- 
ings to a hosted software model. The goal is to help customers acquire, use, 
and benefit from new technology while avoiding much of the associated com- 
plexity and high start-up costs. Applicor, Intacct, NetSuite, SAP, and Workday 
are among the software vendors who offer hosted versions of their ERP or CRM 
software at a cost of $50 to $200 per month per user. There are three types 
of hosted software: on premises, cloud-based, and hybrid, which combines 
on-premises and cloud-based applications.** 

This pay-as-you-go approach is appealing because organizations can exper- 
iment with powerful software capabilities without making a major financial 
investment. Organizations can then dispose of the software without large 
investments if the software fails to provide value or otherwise misses expecta- 
tions. Also, using the hosted software model means the business firm does not 
need to employ a full-time IT person to maintain key business applications. The 
business firm can expect additional savings from reduced hardware costs and 
costs associated with maintaining an appropriate computer environment (such 
as air conditioning, power, and an uninterruptible power supply). 

Table 10.7 lists the advantages and disadvantages of hosted software. 


TABLE 10.7 Advantages and disadvantages of hosted software model 


Advantages Disadvantages 


Decreased total cost of ownership Potential availability and reliability issues 
Faster system start-up Potential data security issues 
Lower implementation risk Potential problems integrating the hosted 


products of different vendors 


Management of systems outsourced Savings anticipated from outsourcing may 
to experts be offset by increased effort to manage 
vendor 


LoneStar Heart is a California company that researches and develops 
restorative therapies and technologies for patients with advanced heart fail- 
ure. In its early years as a start-up company, LoneStar relied on a paper-based 
approach to document control that resulted in researchers spending extensive 
time searching and managing product documentation—taking them away from 
their critical design and development work. To gain efficiencies in its develop- 
ment processes and free up time for its research and development team, Lon- 
eStar eventually decided to implement a cloud-based PLM that would support 
employees in the company’s facilities as well as those who work remotely. 
The PLM system from Omnify Software offered LoneStar a secure, yet easily 
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accessible centralized product information database and the tools it required 
to maintain compliant with the extensive set of FDA regulations governing its 
work. By using a cloud-based PLM, LoneStar efficiencies in product develop- 
ment processes resulted in an estimated $80,000 in savings.’ 


Critical Implementing CRM 


Thinking © SYSTEMS AND PROCESSES, APPLICATION 
Exercise 


SalesTeam is a mid-sized company that specializes in providing outsourced sales 
resources to companies within the life sciences industry that are in need of 
additional sales staff to assist with major promotions or to cover gaps resulting 
from turnover. SalesTeam was founded three years ago and has grown quickly 
since then. 

SalesTeam’s outsourced salespeople prospect, cultivate, and close new business 
for clients just as they would if they worked directly for the client. Each month, 
the salesperson is required to submit documentation to SalesTeam’s director of 
outsourcing regarding the number of calls that they made, the number of meetings 
they had with potential clients, and the status of their sales prospects.. SalesTeam 
then compile the information in Excel spreadsheets to pass on to the client. These 
reports allow SalesTeam’s management and the client to determine how sales are 
progressing and ensure that the salesperson is achieving their goals. 

However, some clients have complained that they cannot easily upload the 
information into their systems, or that the information in the spreadsheets is incom- 
plete. As a result, clients are missing sales opportunities. The leadership at Sales- 
Team has determined that they need a more sophisticated and automated way 
to track and report on their employees’ activities to enhance the quality of their 
communication with clients and to improve the results of their sales team. 


Review Questions 


1. How should SalesTeam determine the requirements of a CRM system for its 
business? 

2. What additional activities will SalesTeam salespeople likely be able to perform 
with a CRM application that they could not perform before? 


Critical Thinking Questions 

1. You have been tasked with gathering the requirements for the new system to 
ensure that the new CRM software will help SalesTeam achieve the stated objec- 
tives. Which stakeholders would you meet with to determine the requirements? 
Why would you meet with these stakeholders? 

2. The cost of a CRM application can vary significantly depending upon the size of 
the company and the desired features. What would you include in the financial 
analysis of a CRM? 


Principle: 


An organization must have information systems that support routine, 
day-to-day activities and that help a company add value to its products 
and services. 

Transaction processing systems (TPSs) are at the heart of most informa- 
tion systems in businesses today. A TPS is an organized collection of people, 
procedures, software, databases, and devices used to capture fundamental data 
about events that affect the organization (transactions) and that use that data 
to update the official records of the organization. 
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The methods of TPSs include batch and online processing. Batch process- 
ing involves the collection of transactions into batches, which are entered into 
the system at regular intervals as a group. Online transaction processing (OLTP) 
allows transactions to be processed as they occur. 

Organizations expect TPSs to accomplish a number of specific objectives, 
including processing data generated by and about transactions, maintaining 
a high degree of accuracy and information integrity, compiling accurate and 
timely reports and documents, increasing labor efficiency, helping provide 
increased and enhanced service, and building and maintaining customer loy- 
alty. In some situations, an effective TPS can help an organization gain a com- 
petitive advantage. 

Order processing systems capture and process customer order data—from 
the receipt of the order through creation of a customer invoice. 

Accounting systems track the flow of data related to all the cash flows that 
affect the organization. 

Purchasing systems support the inventory control, purchase order process- 
ing, receiving, and accounts payable business functions. 

Organizations today, including SMEs, typically implement an integrated 
set of TPSs from a single or limited number of software vendors to meet their 
transaction processing needs. 

All TPSs perform the following basic activities: data collection, which 
involves the capture of source data to complete a set of transactions; data edit- 
ing, which checks for data validity and completeness; data correction, which 
involves providing feedback regarding a potential problem and enabling users 
to change the data; data processing, which is the performance of calculations, 
sorting, categorizing, summarizing, and storing data for further processing; data 
storage, which involves placing transaction data into one or more databases; 
and document production, which involves outputting electronic or hard-copy 
records and reports. 


Principle: 


An organization that implements an enterprise system is creating a highly 
integrated set of systems, which can lead to many business benefits. 

Enterprise resource planning (ERP) software supports the efficient oper- 
ation of business processes by integrating activities throughout a business, 
including sales, marketing, manufacturing, logistics, accounting, and staffing. 

Implementing an ERP system can provide many advantages, including 
allowing access to data for operational decision making; eliminating costly 
and inflexible legacy systems; providing improved work processes; creating 
the opportunity to upgrade technology infrastructure; and creating access to 
data for generating insights through the use of analytics, artificial intelligence 
(AD, and machine learning. 

Some of the disadvantages associated with ERP systems are that they are 
time consuming, difficult, and expensive to implement; they can also be diffi- 
cult to integrate with other systems. 

No one ERP software solution is “best” for all organizations. MIE TRAC PRO 
and Plus & Minus are examples of different ERP suppliers. 

Although the scope of ERP implementation can vary, most manufactur- 
ing organizations use ERP to support the supply chain management (SCM) 
activities of planning, executing, and controlling all activities involved in raw 
material sourcing and procurement, conversion of raw materials to finished 
products, and the warehousing and delivery of finished product to customers. 

The production and supply chain management process starts with sales 
forecasting to develop an estimate of future customer demand. This initial 
forecast is at a fairly high level, with estimates made by product group rather 
than by individual product item. The sales and operations plan (S&OP) takes 
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demand and current inventory levels into account and determines the specific 
product items that need to be produced as well as when to meet the forecast 
future demand. Demand management refines the production plan by determin- 
ing the amount of weekly or daily production needed to meet the demand for 
individual products. Detailed scheduling uses the production plan defined by 
the demand management process to develop a detailed production schedule 
that specifies details such as which item to produce first and when production 
should be switched from one item to another. Materials requirement planning 
determines the amount and timing for placing raw material orders with sup- 
pliers. Purchasing uses the information from materials requirement planning 
to place purchase orders for raw materials and transmit them to qualified sup- 
pliers. Production uses the detailed schedule to plan the logistics of running 
and staffing the production operation. Sales ordering is the set of activities 
that must be performed to capture a customer sales order. The individual 
application modules included in the ERP system are designed to support best 
practices, the most efficient and effective ways to complete a business process. 

Organizations are implementing customer relationship management (CRM) 
systems to manage all aspects of customer encounters, including marketing, 
sales, distribution, accounting, and customer service. The goal of CRM is to 
understand and anticipate the needs of current and potential customers to 
increase customer retention and loyalty while optimizing the way products 
and services are sold. 

Manufacturing organizations are implementing product lifecycle manage- 
ment (PLM) software to manage the data and processes associated with the vari- 
ous phases of the product lifecycle, including sales and marketing, research and 
development, concept development, product design, prototyping and testing, 
manufacturing process design, production and assembly, delivery and prod- 
uct installation, service and support, and product retirement and replacement. 
These systems are used by both internal and external users to enable them to 
collaborate and capture best practices and lessons learned along the way. 

The most significant challenges to the successful implementation of an 
enterprise system include the cost and disruption of upgrades, the cost and 
long implementation lead time, the difficulty in managing change, the man- 
agement of software customization, and user frustration with the new system. 

Business application software vendors are experimenting with the hosted 
software model to see if the approach meets customer needs and is likely 
to generate significant revenue. There are three types of hosted software: 
on-premises, cloud-based, and hybrid, which combines on-premises and cloud- 
based applications. This approach is especially appealing to SMEs due to the 
low initial cost, which makes it possible to experiment with powerful software 
capabilities. 


Principle: 


An organization must have access to data across all of its corporate func- 
tions and enterprise systems to help drive decision making. 

There have been many types of enterprises systems discussed in this chap- 
ter including, but not limited to, customer relationship management tools like 
Salesforce to transaction processing systems, PLMs, social analytics tools, and 
more. 

The key takeaway is that all these systems include valuable data that could 
be valuable not only to their own corporate function but to others as well, and 
by creating centralized repositories, the organization increases its potential for 
better operational effectiveness and efficiency. Tools like Birst and Domo are 
two leading solutions for accomplishing this. 

Machine learning and AI are playing an important role in making sense of 
all this data and in bringing insights to decision makers to act on automatically. 
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Key Terms 


batch processing system 


best practices 


computer-aided design (CAD) 


computer-aided engineering (CAE) 


computer-aided manufacturing (CAM) 


customer relationship management (CRM) system 


data collection 


data correction 


data editing 


data processing 


data storage 


il, 


Transaction processing systems (TPS) cap- 

ture and process the fundamental data about 
events that affect the organization called 

that are used to update the offi- 
cial records of the organization. 

The essential characteristic of a(n) 

transaction processing system 
is that it processes transactions as they occur. 


. Which of the following is not one of the basic 


components of a TPS? 

a. Databases 

b. Networks 

c. Procedures 

d. Analytical models 

involves providing feedback 

regarding a potential data problem and enables 

users to change the data. 

a. Data collection 

b. Data correction 

c. Data editing 

d. Data processing 

The specific business needs and goals of the 

organization define the method of transaction 

processing best suited for the various application 

of the company. True or False? 

Which of the following is not an objective of an 

organization’s batch transaction processing system? 

a. Capture, process, and update databases of 
business data required to support routine 
business activities 

b. Ensure that data is processed immediately 
upon occurrence of a business transaction 
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discrete manufacturing 


document production 


enter prise system 


online transaction processing (OLTP) 


process manufacturing 


product lifecycle management (PLM) 


product lifecycle management (PLM) software 


source data automation 


streaming 


supply chain management (SCM) 


transaction processing cycle 


Self-Assessment Test 


An organization must have information systems that 
support routine, day-to-day activities and that help 
a company add value to its products and services. 


K 


c. Avoid processing fraudulent transactions 

d. Produce timely user responses and reports 
Business data goes through a cycle that includes 
data collection, data , data cor- 
rection, data processing, data storage, and docu- 
mentation production. 

Unfortunately, there are few choices for software 
packages that provide integrated transaction 
processing system solutions for small- and 
medium-sized enterprises. True or False? 
Capturing and gathering all the data necessary to 
complete the processing of transactions is called 


An organization that implements an enterprise 
system is creating a highly integrated set of systems, 
which can lead to many business benefits. 


10. 


Small organizations were slow to adopt ERP 
systems because of the relative complexity and 
cost of implementing these systems. True or 
False? 

The individual application modules included 

in an ERP system are designed to support 

, the most efficient and effective 
ways to complete a business process. 

software helps a company man- 
age all aspects of customer encounters, including 
marketing, sales, distribution, accounting, and 
customer service. 


. The hosted software model for enterprise soft- 


ware helps customers acquire, use, and benefit 
from new technology while avoiding much of 
the associated complexity and high start-up 
costs. True or False? 
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14. is software used to analyze the and consistent data for operational decision 
robustness and performance of components and making and planning. 
assemblies. a. database 
a. PLM b. project plan 
b. CAD c. report 
c. CAE d. project chain 
d. CAM 17. A company implementing a new PLM 
15. Many multinational companies roll out standard system should do which of the following 


IS applications for all to use. However, standard 


to maximize its chances for a successful 


applications often don’t account for all the differ- 

ences among business partners and employees 

operating in other parts of the world. Which of 
the following is a frequent modification required 
for standard software? 

a. Software might need to be designed with 
local language interfaces to ensure the suc- 
cessful implementation of a new IS. 

b. Customization might be needed to handle 
date fields correctly. 

c. Users might also have to implement manual 
processes and overrides to enable systems to 
function correctly. 

d. All of the above 


An organization must have access to data across all 
of its corporate functions and enterprise systems to 
help drive decision making. 


implementation? 

a. Appoint a full-time manager to the project. 
b. Budget enough time and money to train staff. 
c. Keep the scope of the project well defined. 
d. All of the above 

Machine learning used in enterprise software 
is valuable to decision makers because it saves 
them time while also providing valuable busi- 
ness insights. True or False? 

One of the problems with machine learning is 
that it is not able to identify unique patterns. 
True or False? 

A cloud-based solution is 

than purchasing ERP software and upgrading 
hardware. 

a. more expensive 

b. less expensive 

c. no more expensive 

d. no less expensive 


18. 


16. At the core of the ERP system is a 
that is shared by all users so 
that all business functions have access to current 


Self-Assessment Test Answers 


1. transactions 11. best practices 

2. online 12. Customer relationship management (CRM) 
3. d 13. True 

4. b 14. c 

5. True 15. d 

6. b 16. a 

7. editing Iad 

8. False 18. True 

9. data collection 19. False 

10. True 20. b 


Review and Discussion Questions 


1. Provide a data processing example for which 
the use of a batch processing system to handle 
transactions is appropriate. Provide an example 
for which the use of online transaction process- 
ing is appropriate. 

2. Define supply chain management (SCM). 


3. Identify and briefly describe at least four key 
business capabilities provided by the use of a 
CRM system. 

4. What is source data automation? What benefits 
can it be expected to deliver? 
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5. Identify and briefly discuss five challenges to 


the successful implementation of an enterprise 
system. Provide several tips to overcome these 
challenges. 


. Why were SMEs slow to adopt ERP software? 


What changed to make ERP software more 
attractive for SMEs? 

Many organizations are moving to a collabora- 
tive process with their major suppliers to get 
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their input on designing and planning future 
product modification or new products. Explain 
how a PLM system might enhance such a pro- 
cess. What issues and concerns might a manu- 
facturer have in terms of sharing product data 
with suppliers? 

Explain why an enterprise solution for software 
development like JIRA is important for road- 
map planning and managing engineering tasks. 


Business-Driven Decision-Making Exercises 


1. Assume that you are the owner of a small bicycle 


sales and repair shop serving hundreds of custom- 
ers in your area. Identify the kinds of customer 
information you would like your firm’s CRM sys- 
tem to capture. How might this information be 
used to provide better service or increase revenue? 
Identify where or how you might capture this data. 


2. 


Imagine that you are a member of the 
engineering organization for an aircraft parts 
manufacturer. The firm is considering the 
implementation of a PLM system. Make a 
convincing argument for selecting a system 
whose scope includes CAD, CAE, and CAM 
software. 


Teamwork and Collaboration Activities 


1. 


With your team members, meet with several 
business managers at a firm that has imple- 
mented an enterprise system. Interview them 
to document the scope, cost, and schedule for 
the overall project. Find out why the organi- 
zation decided it was time to implement the 
enterprise system. Make a list of what the 
business managers see as the primary benefits 
of the implementation. What were the biggest 
hurdles they had to overcome? Are there any 
remaining issues that must be resolved before 


the project can be deemed a success? What 
are they? With the benefit of 20-20 hindsight, 
is there anything they would have done dif- 
ferently that could made the project go more 
smoothly? 


. As a team, do research online to identify three 


candidate PLM software packages. Based on 
information presented on each company’s Web 
site, score each alternative using a set of criteria 
your team agrees upon. Which candidate PLM 
software does your team select? 


Career Exercises 


il 


Initially thought to be cost-effective for only 
very large companies, enterprise systems are 
now being implemented in SME’s to reduce 
costs, improve service, and increase sales rev- 
enue. A firm’s finance and accounting person- 
nel play a dual role in the implementation of 
such a system: (1) they must ensure a good 
payback on the investment in information sys- 
tems and (2) they must also ensure that the 
system meets the needs of the finance and 
accounting organization. Identify three or four 
tasks that the finance and accounting people 


need to perform to ensure that these two 
goals are met. 

Enterprise system software vendors need busi- 
ness systems analysts who understand both 
information systems and business processes. 
Make a list of six or more specific qualifications 
needed to be a strong business systems analyst 
who supports the implementation and conver- 
sion to an enterprise system within an SME. Are 
there additional/different qualifications needed 
for someone who is doing similar work but for a 
large multinational organization? 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


398 PART 3 © Business Information Systems 


2 SYSTEMS AND PROCESSES, APPLICATION 


Wester Digital Implements New ERP System 
Western Digital, a developer of storage devices and solu- 
tions, has grown dramatically since it was established in 
1970. Based in San Jose, California, they employ more than 
61,000 with locations around the world. Much of their 
growth has occurred through mergers and acquisitions. 
Managing operations and generating timely information in 
a multi-billion dollar, global organization can be difficult, 
but what happens when you combine three such compa- 
nies? How can systems be integrated and processes refined, 
so that the business can stay competitive? Steve Phillpott, 
CIO of Western Digital, explains that each of the three orga- 
nizations had their own ERP. Some tough decisions would 
need to be made to integrate all three companies. Because 
each company had been using their own ERP, when they 
merged, these systems were no longer enterprise-level. 
Data was isolated, processes were disjointed, and efforts 
were duplicated. The team could choose one of the three 
ERPs, and the other two-thirds of the company’s employees 
would need to change over to the selected system, or they 
could start from scratch and implement a new ERP across 
all divisions of the new, larger Western Digital. They chose 
to start from scratch and implement a new ERP and related 
processes across all three companies. The first phase was 
rolled out in 2017, and the implementation is currently 
ongoing. 

The decision to choose a new ERP was a great 
opportunity to update technologies and transform pro- 
cesses at Western Digital. They took this opportunity to 
redesign processes and build applications that were more 
likely to scale as they grew to be a $20+ billion company. 
Communication and collaboration are essential to inte- 
gration efforts, so the team focused on setting up those 
standards and integrated tools first. These new tools and 
processes not only helped the ERP project succeed, but 
they removed barriers to communication across all areas 
and locations of Western Digital, putting them in a bet- 
ter position for possible mergers or acquisitions in the 
future. 

Change management plays a huge role in implementing 
Western Digital ERP. As the processes and technologies are 
integrated, the people that use the systems must adjust. By 
ensuring that users are ready when the system integration 
is complete, Western Digital is able to attain much larger 
benefit from the system, more quickly. Phillpott stresses 
the importance of these underlying structures of commu- 
nications and change management to the successful imple- 
mentation and use of an ERP and the resulting competitive 
advantages. 

ERP implementations usually have long timelines, espe- 
cially in such large organizations. Phillpott says that they are 
“two years into a four-year (plus or minus) journey.” They 
are phasing the implementation as outlined below: 


Phase Status Focus 


1 Went live in Financial consolidation 


July 2017 Statutory reporting 
Operational expenditure planning 
2 Went live in Capital expenditures planning 
June 2018 Indirect Procurement 
3 In process Order orchestration 
Global trade management 
4 Planned Direct procurement 


Financial capabilities for logistics, 
inventory 


Phillpott and his team realized that they could not wait 
until the ERP was fully implemented to receive the benefits 
of the reports the system would eventually produce. So, 
to derive the most benefit as soon as possible, they imple- 
mented an interim reporting capability. They reviewed the 
business objectives and decided on the reporting priorities 
to deploy a predictive analytics platform early in the process. 
According to Phillpott, this platform “supports manufacturing 
and operation capabilities, trying to look at how we improve 
yields and the performance of our manufacturing opera- 
tions.” He also states that not only do these interim reports 
help improve performance, but they act as a testing ground 
or prototype for the reporting system that will be rolled out 
in later phases. As the ERP matures, they will implement 
various technologies for data analysis, from less to more 
complex, starting with predesigned reports and a dashboard, 
moving on to custom reports, predictive analytics, and busi- 
ness intelligence powered by artificial intelligence. They will 
be able to answer such questions as the following: 


e How can we improve our time to market? 

e How do accelerate innovation in manufacturing? 

e How can we reduce the costs in our product develop- 
ment lifecycle? 


Using their analysis and incorporating integrated cloud tech- 
nologies, they have been able to reduce the time it takes to 
conduct manufacturing simulations from 30 days down to 
nine hours or less. 


Critical Thinking Questions 


1. Many of the benefits of an ERP can be realized 
through the implementation and change process. How 
can updating and integrating processes and activities, 
as part of an ERP implementation, provide benefits to 
the organization? Provide specific examples. 

2. What steps did Western Digital take to realize the ben- 
efits of integration as it occurred rather than waiting 
until the system was completely integrated? How do 
you think this might have been different if they chose 
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one of the original three ERPs and had the other two 
companies convert to it? 

3. We tend to think of implementation as a single pro- 
cess, done all at once, with a clear starting and ending 
point, and with benefits realized at the end of the 
project. However, it is rarely that simple. How does a 
phased approach and the use of interim solutions or 
prototypes, like those used by Western Digital, help 
ensure a successful implementation? How might this 
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strategy help the ERP provide more benefit after it is 
fully implemented? 
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Principles 


e Organizations are developing 
new technology using artificial 
intelligence and expert systems. 


As companies become more 
automated through the use of 
artificial intelligence, and expert 
systems, organizations must 
strategically plan for a potential 
impact on future employment. 


Organizations are relying on 
machines to learn from pro- 
cesses to gain better outcomes. 


Robots are becoming more 
interactive in business, with new 
applications being introduced at 
a rapid pace. 


Artificial Intelligence 
(Al) and Automation 


Learning Objectives 


Briefly explain the nature of artificial intelligence. 


e Identify six components of expert systems and explain how they 


are used. 


Discuss how advancements in augmented reality are improving 
computer vision capabilities. 


e Briefly explain how an artificial neural network works. 


Describe two strategies used to train artificial neural networks. 


Discuss the potential impact of artificial intelligence and automa- 
tion on future employment. 


Define the term machine learning. 
Identify four types of machine learning training. 
Define the term natural language processing. 


Discuss how the brain computer interface is being advanced 
through research. 


Briefly explain what comprises a robotic system. 


e Describe three types of robots, including the environment in 


which they operate and the purpose they serve. 


Identify two industry applications of robotics. 
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IS in Action 


Healthcare Using Al to Improve Patient Care 


æ ANALYTICAL THINKING 


In 2017, IBM committed $240 million over ten years to establish a machine learning, cog- 
nitive computing, and deep learning research laboratory in collaboration with the Massa- 
chusetts Institute of Technology (MIT). The lab’s top research priorities include healthcare 
diagnostics and clinical decision support, along with the use of artificial intelligence (AD 
to improve cybersecurity and the impacts of integrating data analytics tools into society. 

According to the dean of MIT’s School of Engineering, Anantha Chandrakasan, “AI is 
everywhere .. . there are some particular targets we have in mind, including being able to 
detect cancer (e.g., by using AI with imaging in radiology to automatically detect breast 
cancer) well before we do now.” The new lab is a natural extension of IBM’s Watson Health 
initiative, which has focused on oncology and had positive results in the field during its 
early pilot phase. This type of system is called an expert system. The MIT lab is working on 
additional AI initiatives, along with oncology. According to an article released by Xconomy, 
the lab is seeing early progress with AI. David Cox was hired to direct the lab and stated 
that “some of the bets we’re making are starting to pay off.” 

In the years since IBM Watson Health was established, however, there have been 
reports from hospitals and physicians, including some of IBM’s partners and internal 
medical specialists, that Watson did not add value in a clinical setting and—even worse— 
sometimes recommended the wrong cancer treatments. Although IBM Watson Health has 
lost some clients and medical advisers because of the disappointing results, Laura Craft, 
a vice president of research for Gartner’s Healthcare Strategy business, has argued that 
Watson’s technology is not the problem, it simply hasn’t had enough time or quality data 
input to become the personalized medicine engine that IBM promoted it to be. Another 
problem, according to Cynthia Burghard of Healthcare IT Transformation Strategies, is 
that when training Watson, IBM used data related to simple cancers, even though more 
complex cancers would be treated differently. In addition, smaller hospitals may not have 
the same access to treatment options as larger urban facilities, meaning recommendations 
need to be tailored to specific regions and medical centers. 

In 2019, IBM Watson Health announced a new ten-year $50 million investment in 
AI partnerships with Vanderbilt University Medical Center in Nashville and Brigham and 
Women’s Hospital in Boston. These partnerships will use AI to improve the usability of 
Electronic Health Records (EHR) systems, support and increase patient safety, and help 
foster health equity. “By putting the full force of our clinical and research team together 
with two of the world’s leading academic medical centers, we will dramatically acceler- 
ate the development of real-work AI solutions that improve workflow efficiencies and 
outcomes” says Kuy Rhee, vice president and chief health officer of IBM Watson Health. 

On average, physicians spend two hours working in EHR systems for every hour of 
patient care. This can quickly cause a physician to “burn out” or make mistakes. A lot of 
these tasks can become repetitive and tedious. According to Mark Lambrecht with SAS, 
a data analytics company, there is more data than can be analyzed by physicians and AI 
can help reduce the time needed on the computer. “They do this by capturing the data 
automatically, making sense of it, providing content, and making sure the data is put in the 
right field.” One example of this is in radiology. Before AI, there were books of images and 
radiologists had to look to find a match to the scan. Now, with AI, the system can make 
the match for the radiologist much faster and reduce the time needed behind the desk. 

David Bates, chief of general internal medicine at Brigham and Women’s Hospital 
and professor of medicine at Harvard Medical School, knows how urgent the need is to 
use existing data to improve both patient and physician experience: “We all know that 
the future of health belongs to AI, but today health around the globe is siloed and not 
actionable . . . Through AI, we have an opportunity to do better.” 
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Kevin Johnson, MD, MS, chair of biomedical informatics at Vanderbilt, uses machine 
learning to deliver precision medicine and improve public health. Vanderbilt is using AI 
in many projects, such as streamlining workflows, personalizing care, and reducing care 
disparities. They are also working with GE Healthcare on a five-year project researching 
immunotherapy for cancer patients. 

The use of artificial intelligence and machine learning is growing rapidly in the health- 
care field as evidenced by the work of MIT, Brigham and Women’s Hospital, and Vanderbilt 
University Medical Center. As more research is conducted and the data grows, so too will 
the knowledge base for artificial intelligence. Who knows how far this will take us. Where 
do you see healthcare going in the next ten years? 


As you read about artificial intelligence and automation, 
consider the following: 


e What forms of artificial intelligence are organizations using today, and how are 
they being used? 

e What are the potential impacts on society as a whole as artificial intelligence and 
machine learning continue to develop? 


Why Learn About Artificial Intelligence 
(Al) and Automation? 


Artificial intelligence (Al) has been in development for more than sixty years. During this time, advances 
in Al technology have affected our daily lives—both at home and in business. What is artificial intelli- 
gence, and how does a computer become intelligent? What types of careers are available, and what do 
you need to be successful in an Al field? We need to understand how automation will affect each industry 
and how to prepare for it. Will jobs be lost due to automation, or will new jobs be created? As we look to 
the future, it is important for organizations and managers to understand artificial intelligence and automa- 
tion and their applications, including how these fields will continue to develop. 


Overview of Artificial Intelligence SA aa 


At a Dartmouth College conference in 1956, John McCarthy proposed the use 


artificial intelligence (Al): The of the term artificial intelligence (AI) to describe computers with the ability 
ability to mimic or duplicate the to mimic or duplicate the functions of the human brain. A paper was presented 


functions of the human brain. 


at the conference proposing a study of AI based on the conjecture that “every 
aspect of learning or any other feature of intelligence can in principle be so 
precisely described that a machine can be made to simulate it.” 

Many AI pioneers attended this first conference; a few predicted that com- 
puters would be as “smart” as people by the 1960s. The prediction has not yet 
been realized, but many applications of AI can be seen today, and research 
continues. 

To gain an understanding of AI requires first understanding the history 
of AI. Computers, as we know them today, had a very humble beginning 
in the 1600s when Blaise Pascal, known for his skills as a mathematician, 
invented the Pascaline, a mechanical calculating machine that worked as a 
tax calculator.? Thus began the process of using calculations to improve busi- 
ness functions. In 1837, Charles Babbage and Ada Lovelace designed the first 
programmable engines: the Difference Engine, which was designed as a cal- 
culator, and the Analytical, which led to the more modern-day computers that 
were programmed using punch cards.’ These inventions paved the way for 
the modern era of AI. 
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First mechanical 
calculating machine 
built by Blaise 
Paschal, French 
inventor and 
mathematician. 


Roomba, an autonomous 
vacuum cleaner, 
launched by iRobot. 


1997 2002 


Deep Blue, a First self-driving car for Personal assistants Generative AlphaGo 
computer urban driving conditions like Siri, Google Now, Adversarial beats 
program, defeats built by Google. and Cortona use Networks professional 
world chess speech recognition to (GAN) Go player 


champion Garry 
Kasparov. 


FIGURE 11.1 


Timeline of artificial intelligence 


First design fora 
programmable 
machine created by 
Charles Babbage 
and Ada Lovelace. 
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As shown in Figure 11.1, AI developed quickly through the decades since 
the 1640s from 1642 to 2018.4 In 1943, Warren McCulloch and Walter Pitts 
established the parallel between the brain and computers, marking the foun- 
dation of neural networks. This will be discussed later in the chapter. 


Basis for neural networks 
established by Warren 
McCulloch and Walter 

Pitts, drawing similarities 
between the brain and 
computing machines. 


Expert systems 
developed by Edward 
Feigenbaum to emulate 
decision making of 
human experts. 


The term “Artificial 
intelligence” came 
out of an academic 
conference on the 
topic. 


1943 1950 1980s 


1955 1965 


The Turing test- ELIZA, the 


a way to test a natural language 
machine’s program Artificial 
intelligence- handling Intelligence 
introduced by dialogue on any courses taught 
IBM's Watson beats Alan Turing. topic, is created. at most 
winners of US game colleges and 


show Jeopardy! universities. 


2009 2011 2011-2014 2014 2016 2018 


answer questions and 
perform tasks. 


developed by Lee Sedol. 


lan Goodfellow. 


Historical time of artificial intelligence development. 
Source: “History of Artificial Intelligence,” https://qbi.uqg.edu.au/brain/intelligent-machines/history-artificial-intelligence, Queensland Brain Institute. 


In 1950, Alan Turing, a mathematician who later became known as the 
father of modern computer science, developed a way to test a machine’s intel- 
ligence. His thought was that if the machine could trick a person into thinking 
it was human, then the machine was intelligent. Turing’s initial conclusion was 
that there was not enough memory and storage available, at the time, and also 
human’s ability to experience emotions and originality in their work. However, 
he also believed his initial proposal would be realized within fifty years. The 
Turing Test has not been realized, meaning that there has been no officially 
confirmed case of a computer being mistaken for a human, but other expert 
systems may offer a different solution. Expert systems are discussed later in 
this chapter. 

The 1960s brought several robotic innovations, including Unimate, the first 
industrial robot, which in 1961 was put to use in General Motor (GM) factories, 
replacing humans on some parts of GM’s assembly lines. In 1964, a chatbot 
called ELIZA that could hold conversations with humans was developed by 
Joseph Weizenbaum at MIT.° In 1966, Shakey the Robot (shown in Figure 11.2) 
was created. Shakey could perform tasks that involved rearranging simple 
objects and planning routes. Shakey was shown to have the ability to “perceive 
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FIGURE 11.2 

Shakey the Robot 

Shakey the Robot is known as the 
“first electronic person.” 

Source: By Marshall Astor from San Pedro, 
United States—Cropped (by uploader, 
User: Sanchom) version of Shakey-Robot, 
CC BY-SA 2.0, https://commons.wikimedia. 
org/w/index.php?curid=3627201 


and reason about its surroundings,” and in 1970, Life magazine referred to it 
as the “first electronic person.”” 

Over the next twenty years, the development of AI seemed to stall. Research 
continued, but there was much work to be done. There had to be a distinc- 
tion between AI and machine learning. Researchers had determined that AI 
operated on a set of rules, and machine learning used data to determine the 
next step in the process. In order to make it work, they had to learn how to 
program the rules to make the AI work properly. The difference with machine 
learning is that the machine is learning while it is being used. Once this was 
understood, the work with AI could resume with a new focus on the program- 
ming of artificial intelligence. 

In the late 1990s, IBM challenged world chess champion Gary Kasparov 
to an epic man-versus-machine battle against its supercomputer dubbed Deep 
Blue. In May 1997, Deep Blue claimed victory after an extended six game 
match—claiming two wins, one loss, and three draws. Deep Blue became the 
inspiration for Watson.’ 

Over the next ten years, many robotic toys and household appliances were 
released on the market—each making use of more advanced AI technology 
than the last. AiBO, a robotic dog first released in 1999, has a personality that 
continues to develop as a child plays with it. Al-assisted appliances such as the 
Roomba, which can vacuum a home without damaging furniture and walls by 
learning how to navigate around these items, became more common starting 
in the early 2000s.° 
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artificial intelligence (Al) 
system: The people, procedures, 
hardware, software, data, and 
knowledge needed to develop 
computer systems and machines 
that can simulate human intelligence 
processes, including learning (the 
acquisition of information and rules 
for using the information), reasoning 
(using rules to reach conclusions), 
and self-correction (using the outcome 
from one scenario to improve its 
performance on future scenarios). 


intelligent behavior: The ability 
to learn from experiences and apply 
knowledge acquired from those 
experiences; to handle complex 
situations; to solve problems when 
important information is missing; to 
determine what is important and to 
react quickly and correctly to a new 
situation; to understand visual images, 
process and manipulate symbols, and 
be creative and imaginative; and to use 
heuristics. 
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The next big advancement in AI came in 2011 when IBM’s Watson defeated 
two prior Jeopardy champions. To prepare for the game, IBM programmers had 
to give Watson the ability to do natural language processing so that it would 
understand the nature of each question and be able to formulate a reply in the 
form of a question." Natural language is discussed later in the chapter. 

The last decade has seen rapid growth in the use of AI applications in 
business settings and in the daily lives of consumers. Applications such as Siri, 
Cortana, and Alexa provide assistance with everything from the weather to 
directions to shopping. With these applications, users can simply ask a question 
to get an answer based on their location and preferences. AI continues to move 
forward, and in this chapter, we will look at how these developments are likely 
to impact information technology, our careers, and our daily lives. 


Artificial Intelligence in Perspective 


Computers were originally designed to perform simple mathematical opera- 
tions, using fixed programmed rules and eventually operating at millions of 
computations per second. When it comes to performing mathematical opera- 
tions quickly and accurately, computers beat humans hands down. However, 
computers still have trouble recognizing patterns, adapting to new situa- 
tions, and drawing conclusions when not provided complete information—all 
activities that humans can perform quite well. Artificial intelligence systems 
tackle these sorts of problems. Artificial intelligence (AID systems include 
the people, procedures, hardware, software, data, and knowledge needed to 
develop computer systems and machines that can simulate human intelligence 
processes, including learning (the acquisition of information and rules for 
using the information), reasoning (using rules to reach conclusions), and self- 
correction (using the outcome from one scenario to improve its performance 
on future scenarios). 

AI is a complex and interdisciplinary field that involves several specialties, 
including biology, computer science, linguistics, mathematics, neuroscience, 
philosophy, and psychology. The study of AI systems causes one to ponder 
philosophical issues such as the nature of the human mind and the ethics of 
creating objects gifted with human-like intelligence. Today, AI systems are 
used in many industries and applications. Researchers, scientists, and experts 
on how human beings think are often involved in developing these systems. 


Nature of Intelligence 


From its earliest stages, the emphasis of much AI research has been on develop- 
ing machines with the ability to “learn” from experiences and apply knowledge 
acquired from those experiences; to handle complex situations; to solve prob- 
lems when important information is missing; to determine what is important 
and to react quickly and correctly to a new situation; to understand visual 
images, process and manipulate symbols, and be creative and imaginative; and 
to use heuristics—all of which together is considered intelligent behavior. 

As described above, the Turing Test was developed to determine if a com- 
puter could convince humans that they were conversing with another human 
rather than a computer. Since 1951, there has been no declared winner of this 
award. Some have questioned if the Google Duplex, an AI device that speaks 
for a user with the help of Google Assistant, may have beat the Turing Test due 
to the successful completion of a phone call to schedule a hair salon appoint- 
ment. In a competition, completed before a live audience, Google Duplex was 
given the information to ask for an appointment and accept the time given. 
Some would say yes, as the salon receptionist did not know she was talking 
with a computer and conducted business as usual. Some would say no, as the 
call was made in front of an audience and an appointment is more of a scripted 
type of call." 
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Starting in 1991, Hugh Loebner and the Cambridge Centre for Behavioural 
Studies began hosting a Turing Test contest—one of many contests in existence 
today that allows businesses and individuals to compete and showcase their 
chatbots to determine if they can pass the Turing Test. In 2014, the Society 
for the Study of Artificial Intelligence and Simulation of Behaviour (AISB), the 
world’s first AI society, took over running the contest, which is a blind com- 
petition, meaning that both humans and computers are behind curtains while 
judges converse with them via computer chat. Both humans and computers are 
trying to convince the panel of judges that they are human. No computer has 
been successful; however, all humans who have taken part in the contest have 
successfully convinced the judges they were human—though some by a very 
slim margin. As of 2019, this is no longer a formal contest; instead, the prize 
will be awarded by a combine jury and public vote.” 

Some of the specific characteristics of intelligent behavior include the abil- 
ity to do the following: 


e Learn from experience and apply the knowledge acquired from 
experience. Learning from past situations and events is a key compo- 
nent of intelligent behavior and is a natural ability of humans, who learn 
by trial and error. This ability, however, must be carefully programmed 
into a computer system. Today, researchers are developing systems 
that can “learn” from experience. The 20 Questions (20Q) Website, 
www.20q.net (see Figure 11.3), is an example of a system that learns.’ 
The Web site is an AI game that learns as people play. 


FIGURE 11.3 
The 200 Website 
20Q is a game where users play the 
popular game 20 Questions against 


an Al foe. 
Source: www.20q.net 


q€ p = jnet Sea = 
Zz BEF gster ek DD = 


Q20. | am guessing that it is a piano? E > 
Right, Wrong, Close f 


19. Is it worth a lot of money? Yes. 

18. Does it have four legs? Sometimes. 
17. Does it have a cable? No. 

16. Is it found on a desk? No. 

15. Can you play with it? Yes. 

14. Is it part of a set? No. 

13. Is it hard? Yes. 

12. Is it outside? No. 

11. Can it be used in remote areas? Yes. 
10. Does it weigh more than 1 ton? No. 

|. Is it used by a baby? No. 

Can it be stolen? Yes. 

. Do you hold it when you use it? No. 
Is it used in a casino? No. 

. Was it invented? Yes. 

. Can you hold it? No. 

Is it smaller than a loaf of bread? No. 
. Does it bring joy to people? Yes. 

. tis classified as Other. 
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e Handle complex situations. In a business setting, top-level managers 
and executives must handle a complex market, challenging competitors, 
intricate government regulations, and a demanding workforce. Even 
human experts make mistakes in dealing with these matters. Very careful 
planning and elaborate computer programming are necessary to develop 
systems that can handle complex situations. 

e Solve problems when important information is missing. An integral 
part of decision making is dealing with uncertainty. Often, decisions 
must be made with little or inaccurate information because obtaining 
complete information is too costly or impossible. Today, AI systems can 
make important calculations, comparisons, and decisions even when 
information is missing. However, it must be noted that the decisions 
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perceptive system: A system that 
approximates the way a person sees, 
hears, and feels objects. 


heuristics: A trial-and-error method ° 
of problem solving used when an 

algorithmic or mathematical approach 

is not practical. 
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made by an AI system are only as good as the data. A decision will be 
based only on the information available to the system. If vital data is 
missing, it will have an impact on the quality of the decision. This is 
much like how humans make decisions: We process the information 

we have available and make the best possible decision. As more data 
becomes available, the outcome may change. 

Determine what is important. Knowing what is truly important is the 
mark of a good decision maker. Humans can reprogram their thought 
process and overlook extraneous data to determine what is important. 
Developing programs and approaches to allow computer systems and 
machines to identify important information is not a simple task. Algo- 
rithms are programmed to “weed out” the bad data and identify the good 
data. If the algorithms are not programmed correctly, the computer will 
not know to overlook incorrect data. 

React quickly and correctly to a new situation. A small child, for 
example, can look over an edge and know not to venture too close. The 
child reacts quickly and correctly to a new situation. On the other hand, 
without complex programming, computers do not have this ability. 
Understand visual images. Interpreting visual images can be extremely 
difficult, even for sophisticated computers. Moving through a room of 
chairs, tables, and other objects can be trivial for people but extremely 
complex for machines, robots, and computers. Such machines require an 
extension of understanding visual images, called a perceptive system. 
Having a perceptive system allows a machine to approximate the way a 
person sees, hears, and feels objects. 

Process and manipulate symbols. People see, manipulate, and process 
symbols every day. Visual images provide a constant stream of informa- 
tion to our brains. By contrast, computers cannot intuitively handle sym- 
bolic processing and reasoning. Although computers excel at numerical 
calculations, they must have extensive programming to dealing with sym- 
bols and three-dimensional objects. Recent developments in computer- 
vision and machine-vision hardware and software, however, allow some 
computers to process and manipulate certain symbols. Machine-vision 
uses cameras to view an image, and computer-vision uses programmed 
algorithms to interpret the images. 

Be creative and imaginative. Throughout history, some people have 
turned difficult situations into advantages by being creative and imagina- 
tive. For instance, when defective mints with holes in the middle arrived 
at a candy factory, an enterprising entrepreneur decided to market these 
new mints as LifeSavers instead of returning them to the manufacturer. 
Ice cream cones were invented at the St. Louis World’s Fair when an 
imaginative store owner decided to wrap ice cream with a waffle from 
his grill for portability. Developing new products and services from an 
existing (perhaps negative) situation is a human characteristic. While 
software has been developed to enable a computer to write short stories, 
few computers can be imaginative or creative in this way. 

Use heuristics. For some decisions, people use heuristics, a trial-and- 
error method of problem solving. Some computer systems obtain good 
solutions to complex problems (e.g., scheduling the flight crews for a 
large airline) based on heuristics rather than trying to search for an opti- 
mal solution, which might be technically difficult or too time consuming. 


expert systems: The decision- Expert Systems 


making computer systems in Al, 
designed to be the most advanced 


Expert systems were the precursor of the modern AI systems." Expert systems 


and most reliable in solving complex are the decision-making computer systems in AI (see Figure 11.4), and they 
problems. are designed to be the most advanced and most reliable in solving complex 
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FIGURE 11.4 
Expert systems 
Expert systems analyze com- 
plex problems to deliver reliable 
solutions. 
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problems, and they work in a specific domain. These systems must be pro- 
grammed for their issues, as this decision making uses both facts and heuristics 
to solve the level of problems that would take the highest level of human intel- 
ligence and expertise to solve. We are seeing many advances in expert systems 
in the medical field today, as discussed in the opening case. 


Characteristics of Expert Systems 


Expert systems must be able to perform whenever they are needed, and the 
results must be accurate. The programming of such systems is highly complex 
and can be compared to the intelligence level of the experts, who rely on the 
results. When working on a complex project, the department, or lab, will take 
on certain characteristics, such as executing a highly developed plan with 
the speed and accuracy to make critical decisions when necessary. A good 
example of this is preparing an operating room for a patient. When preparing 
for a major surgical procedure, the medical staff has a process they follow to 
ensure that the patient is prepared for surgery and all equipment is properly 
sterilized and ready for use. The surgical team has to be highly effective and 
reliable so the doctors can focus on the patient. When the patient arrives in the 
operating room, the room has to be ready, and the tone of the room changes, 
as the patient must be treated professionally and should see and hear only 
certain information. If the procedure changes, either before or during the 
surgery, the team must be able to process that information quickly and make 
the critical decisions necessary to ensure the patient receives the best medical 
care. All expert systems have the following characteristics: highly effective, 
understandable, reliable, able to process data quickly, and capable of critical 
decision making. These characteristics are described in more detail in the fol- 
lowing sections, but note that an expert system may also require additional 
characteristics depending the application or domain the system is programmed 
for, such as the medical or financial industries. 


Highly Effective 


For a system to be considered “expert,” it must be capable of handling complex 
algorithms with large data sets in a reasonable amount of time. If a human 
expert is able to process the data faster than the program, with accurate results, 
then the program will be considered obsolete and will no longer be useful. The 
system must be efficient and easy to use to remain an expert system. 
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Understandable 


For information to be useful, it must be accurate and understandable. For instance, 
if you take a quiz in a class, and the only feedback you receive from your instruc- 
tor is “Some answers are correct, and some answers are incorrect,” not only will 
you not know what grade you received on the quiz, you will also not know what 
areas to focus on when studying for the final exam. You need clear and precise 
results, such as “You answered questions 5 and 7 incorrectly, the correct answers 
are B and D, and your grade on the quiz is 93. In the same way, an expert system 
must give an understandable report for it to be of use. In this chapter’s opening 
case, we saw that improvements are being made on ways to help physicians 
reduce time working at their desks by interpreting results from the EHR systems. 
These results must be understandable, or the patient’s health will suffer. 


Reliable 


Not only does the results from an expert system have to be understandable, it 
also has to be reliable. In the healthcare industry, accurate and reliable results 
can be the difference between life and death. Airlines use expert systems in 
scheduling their daily routes and managing some of the world’s largest airports. 
If these systems do not have reliable information, planes may not arrive at the 
correct airport, or they may all arrive at the same time. 


Able to Process Data Quickly 


Expert systems must be able to process large data sets quickly and efficiently. 
Expert systems often work with data sets that are measured in terabytes, peta- 
bytes, or even exabytes. This data may come from multiple sources and require 
the expert system to process nonstandard data types, such as images, videos, 
or recordings. The expert system must be able to perform this type of highly 
complex processing rapidly to remain useful to the organization. 


Capable of Critical Decision Making 


Some expert systems are used to aid critical decision making. Such a system 
may be used, for instance, to ensure the right person is hired for a dangerous or 
stressful job, such as one in which the person has responsibility for the safety 
of many other people. In the airline industry, the Aviation Expert System is 
used to perform psychological assessments to ensure that pilots are capable of 
handling the stress of knowing they are responsible for getting everyone on 
board the planes they are flying safely to their destination. The GAPATS system 
is another expert system used in the aviation industry. It was developed in the 
late 1990s and is still in use today as a flight simulator designed to help train 
pilots for any situation they may encounter in the air. The simulator is built on 
an AI platform that simulates different scenarios, some of which were based on 
actual plane crashes caused by the failure of existing computer models, requir- 
ing new algorithms to be built into the system. Today, expert systems handle 
most routine tasks involved in the flying commercial airlines; these simulations 
are used to train pilots on how to handle emergencies if they should occur. 


Capabilities of Expert Systems 


Organizations use expert systems to work more efficiently, save money, make 
better decisions, and out-perform their competitors. The capabilities of expert 
systems include aiding in decision making, such as in the area of human 
resources. Companies that make use of expert systems in hiring may embed 
questions in online job applications that are used by an expert system to decide 
whether to accept or reject the application for further consideration based on 
the job requirements. One company that develops AI recruiting software has 
developed an algorithm for candidate sourcing that it claims can reduce hiring 
time from 34 days to just 9 days.'® 
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FIGURE 11.5 


Components of an expert 


system 

An expert system includes a knowl- 
edge base, a development engine, 
an inference engine, an explanation 
facility, a knowledge base acquisi- 
tion facility, and a user interface. 


knowledge base: A component 

of an expert system that stores all 
relevant information, data, rules, cases 
and relationships used by the expert 
system. 


FIGURE 11.6 


Relationships between data, 


information, and knowledge 
A knowledge base stores all rele- 
vant information, data, rules, cases, 
and relationships that an expert 
system uses. 


Data analysis, interpreting input, and justifying conclusions are other func- 
tions that may be performed by expert systems. Earlier in the chapter we 
looked at how AI is being used in the medical industry. AI is also being used in 
the financial industry to predict market trends, make determinations regarding 
loan applications, and even predict election outcomes. These same systems also 
offer alternative options to problems to keep business running efficiently and 
promote customer relationships. 


Components of Expert Systems 

An expert system is made up of a collection of integrated and related compo- 
nents, including a knowledge base, a development engine, an inference engine, 
an explanation facility, a knowledge base acquisition facility, and a user inter- 
face. A diagram of a typical expert system is shown in Figure 11.5. 
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As shown in the figure, the user interacts with the user interface, which 
interacts with the inference engine. The inference engine interacts with the 
other expert system components to provide expertise. This figure also shows 
the inference engine coordinating the flow of knowledge to other components 
of the expert system. 


Knowledge Base 


The knowledge base stores all relevant information, data, rules, cases, and 
relationships that the expert system uses. The information captured is the 
knowledge that experts use to make complex decisions. If the information 
gathered is not complete, then the decisions will not be accurate. As shown 
in Figure 11.6, a knowledge base is a natural extension of a database and an 
information and decision-support system. A knowledge base must be devel- 
oped for each unique expert system application. Rules and cases are frequently 
used to create a knowledge base. 
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rule: A conditional statement 
that links conditions to actions or 
outcomes. 


IF-THEN statement: A rule that 
suggests certain conclusions. 


development engine: Engine that 
builds the sets of rules and processes 
used by Al systems. 


inference engine: Part of the 
expert system that seeks information 
and relationships from the knowledge 
base and provides answers, 
predictions, and suggestions, often 
taking the place of the human experts. 


Forward chaining: A strategy used 
by the inference engine to process 
data using a set of known facts to 
make decisions. 
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A rule is a conditional statement that links conditions to actions or out- 
comes. In many instances, these rules are stored as IF-THEN statements, 
which are rules that suggest certain conclusions. The FICO Blaze Advisor sys- 
tem is a rules-based platform that allows business users to develop and test 
rule-based decision applications. The platform is used by clients to build expert 
systems for benefits eligibility determination, insurance underwriting, regula- 
tory compliance monitoring, and personal and commercial lending—among 
other uses.” 

A case-based system can also be used to develop a solution to a current 
problem or situation. In such a system, each case typically contains a descrip- 
tion of the problem, plus a solution and/or the outcome. The case-based solu- 
tion process involves (1) finding cases stored in the knowledge base that are 
similar to the problem or situation at hand, (2) reusing the case in an attempt 
to solve the problem at hand, (3) revising the proposed solution if necessary, 
and (4) retaining the new solution as part of a new case. A washing machine 
repairman who fixes a washer by recalling another washer that presented sim- 
ilar symptoms is using case-based reasoning, so is the lawyer who advocates 
a particular outcome in a trial based on legal precedents. 


Development Engine 

AI runs on rules and processes, and those sets of rules and processes are 
created by the development engine component of the expert system. These 
rules and processes are usually built using one of two approaches. The first 
approach is to use a processor as a shell to work on specific problems by add- 
ing the necessary knowledge base. These shells can produce an expert system 
faster than using a traditional programming language to reprogram a system 
for each new question.’ 

The second approach involves using traditional programming language 
to develop the expert system. This approach requires using a human’s expert 
knowledge and developing a plan for the system. Then programming and 
testing must take place, which may take days, weeks, or months based on the 
complexity of the system. Some of the major programming languages used in 
AI are Python, Java, and C++. 


Inference Engine 
The main purpose of an inference engine is to seek information and rela- 
tionships from the knowledge base and to provide answers, predictions, and 
suggestions. Inference engines are considered one of the most important com- 
ponents of an expert system, as these predictions and suggestions often take the 
place of human experts. In other words, the inference engine is the component 
that delivers the expert advice. Consider the expert system that forecasts future 
sales for a product. One approach is to start with a fact such as “The demand for 
the product last month was 20,000 units.” The expert system searches for rules 
that contain a reference to product demand. For example, “IF product demand 
is over 15,000 units, THEN check the demand for competing products.” The 
programming in the expert system would use information on the demand for 
competitive products. Next, after searching additional rules, the expert system 
might use information on personal income or national inflation rates. This pro- 
cess continues until the expert system can reach a conclusion using the data 
supplied by the user and the rules that apply in the knowledge base. 
Inference engines process a massive amount of data. The engine applies 
rules to the facts and adds new knowledge to the knowledge base, if it is 
required. If there is a conflict, multiple rules may have to be applied. As such, 
the engine must use one of two strategies (forward chaining or backward 
chaining) to process data and provide an answer, prediction, or suggestion. 
Forward chaining follows a set of known facts to make decisions. For 
each fact, there is a set number of outcomes. The knowledge base is consulted, 
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backward chaining: A strategy 
used by the inference engine to 
determine how a decision was made. 


explanation facility: Component 
of an expert system that allows a user 
or decision maker to understand how 
the expert system arrived at certain 
conclusions or results. 


knowledge acquisition 

facility: Part of the expert system 
that provides a convenient and efficient 
means of capturing and storing all the 
components of the knowledge base. 


domain expert: The person or 
group with the expertise or knowledge 
the expert system is trying to capture 
(domain). 


knowledge engineer: A person 
who has training or experience in the 
design, development, implementation, 
and maintenance of an expert system. 


and the next decision is made. The process continues until a conclusion is 
reached. This can be a long process, depending on how complex the problem 
is and how many possible outcomes there are for each question. For each 
decision, the knowledge base is consulted, and the data must be processed. 
This is the slowest of the two strategies. 

Backward chaining looks at what has already happened and works back- 
ward to find out how the decision was made. The same facts, decisions, and 
outcomes are in the knowledge base, but the process is in reverse order. This 
makes the processing much faster, as the conclusion is known, and the number 
of iterations is reduced. The forward chain looks into what happens next, but 
the backward chain determines why something happened.” Backward chain- 
ing is used to prove a conclusion. This information can be used to design new 
systems and faster response times for future decisions. 


Explanation Facility 

Another important part of an expert system is the explanation facility, which 
allows a user or decision maker to understand how the expert system arrived 
at certain conclusions or results. A medical expert system, for example, might 
reach the conclusion that a patient has a defective heart valve given certain 
symptoms and the results of tests conducted on the patient. The explanation 
facility allows a doctor to find out the logic or rationale of the diagnosis made 
by the expert system. The expert system, using the explanation facility, can 
indicate all the facts and rules that were used in reaching the conclusion, which 
the doctors can look at to determine whether the expert system is processing 
the data and information correctly and logically. 


Knowledge Acquisition Facility 
A challenging aspect of developing a useful expert system is the creation and 
updating of the knowledge base. In the past, when more traditional program- 
ming languages were used, developing a knowledge base was tedious and time 
consuming. Each fact, relationship, and rule had to be programmed—usually 
by an experienced programmer. 

Today, specialized software allows users and decision makers to create 
and modify their own knowledge bases through the knowledge acquisition 
facility, using user-friendly menus. The purpose of the knowledge acquisition 
facility is to provide a convenient and efficient means of capturing and storing 
all components of the knowledge base. The knowledge acquisition facility acts 
as an interface between experts and the knowledge base. 


User Interface 


The main purpose of the user interface is to make an expert system easier for 
users and decision makers to develop and use. At one time, skilled computer 
personnel created and operated most expert systems; today, simplified user 
interfaces permit decision makers to develop and use their own expert systems. 
A user interface is made up of two parts: input and output. The input allows 
for the user to input the commands, scan images, and give verbal instructions to 
the program. The output allows for the system to ask for additional input from 
the user, show errors, and provide solutions and decisions for the given task. 


Participants in Developing and Using Expert Systems 

Typically, several people are involved in developing and using an expert sys- 
tem. The domain expert is the person or group with the expertise or knowl- 
edge the expert system is trying to capture (domain). In most cases, the domain 
expert is a group of human experts. A knowledge engineer is a person who 
has training or experience in the design, development, implementation, and 
maintenance of an expert system, including training or experience with expert 
system shells. Knowledge engineers can help transfer the knowledge from the 
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knowledge user: The person or 
group who uses and benefits from the 
expert system. 


vision system: The hardware and 
software that permit computers to 
capture, store, and manipulate visual 
images. 


augmented reality (AR): Vision 
system software that takes computer- 
generated images and superimposes 
them on a user’s view of the world 
through the use of specialized glasses 
or goggles. 


FIGURE 11.7 


Surgeons use augmented 


reality goggles in surgery 

AR goggles allow surgeons to 
superimpose images onto the real 
world by using specialized goggles 
during surgery to provide better 
visualization. 
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expert system to the knowledge user. The knowledge user is the person or 
group who uses and benefits from the expert system. Knowledge users do not 
need any previous training in computers or expert systems. 


Vision Systems 


Another area of AI involves vision systems, which include hardware and 
software that permit computers to capture, store, and process visual images. 
A rise in Industrial Internet of Things (IIoT) has resulted in a new generation 
of vision systems, which allow machines to communicate with each other and 
process information in a fast-paced automated environment. IloT is used more 
in industrial settings and applications, with a focus on machine learning, big 
data, and communication. Manufacturing has long involved automated pro- 
cesses, and the automotive industry relies on 3D vision applications for deter- 
mining the direction robots should move. Camera placement is crucial for the 
3D applications to provide the most accurate information, and the use of these 
camera and recorded images assist in quality control and the end of production 
control. Robots, discussed later in the chapter, are used in manufacturing, and 
vision systems, with the use of captured images, are able to determine what 
is moving in and around the manufacturing lines. This includes both products 
and persons. When humans, such as inspectors, are moving around the pro- 
duction lines, the robot will stop if it determines a collision with the human 
is unavoidable. Otherwise, the robot will not stop, and the plant continues to 
work efficiently.” 

Augmented reality (AR) is a type of vision system that is being used 
widely in the medical field. Augmented reality is different from virtual reality, 
which has been used in business and in homes for many years. Virtual reality 
allows for the user to take tours or “walk through” different scenes without 
leaving their chair. For example, if you wanted to walk around the Statue of 
Liberty, a virtual reality app would allow you to sit on your sofa and take a 
tour. Augmented reality would place the Statue of Liberty in your living room 
and you could walk around it by using your mobile device app. 

AR takes a computer-generated image and superimposes it on a user’s view 
of the real world through the use of specialized glasses or goggles, as shown 
in Figure 11.7. Most surgeons rely on 2D images in the surgical suite. The sur- 
geons rely on their memory and skill to pull the individual images together into 
one image when operating. AR uses AI algorithms along with 3D anatomical 
algorithms to create images that can be seen with the use of special goggles. 
These images can then be overlaid onto the patient, and multiple surgical 
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genetic algorithm: An approach 
to solving problems based on the 
theory of evolution; uses the concept 
of survival of the fittest as a problem- 
solving strategy. 


intelligent agent: Programs and 
a knowledge base used to perform a 
specific task for a person, a process, 
or another program; also called an 
intelligent robot or bot. 


artificial neural network: A 
computer system that can recognize 
and act on patterns or trends that it 
detects in large sets of data; developed 
to operate like the human brain. 


personnel can see the same overlay by wearing AR goggles, which provide 
more than just images. Chart information and real-time information, such as the 
patient’s heart rate, can be fed directly into the display so doctors do not have 
to divert their attention to monitors or charts during the procedures. AR has 
also proven to be a great tool for training physicians by providing skills-based 
labs in a virtual environment.*! 


Other Al Applications 


Other AI applications include genetic algorithms, which was inspired by 
evolutionary biology. Genetic algorithm makes use of selection, mutation, and 
recombination to solve problems, much like the “survival of the fittest” concept 
of evolution.” The genetic algorithm uses a fitness function that quantitatively 
evaluates a set of initial candidate solutions. The highest-scoring candidate 
solutions are allowed to “reproduce,” with random changes introduced to cre- 
ate new candidate solutions. These digital offspring are subjected to a second 
round of fitness evaluation. Again, the most promising candidate solutions 
are selected and used to create a new generation with random changes. The 
process repeats for hundreds or even thousands of rounds. The expectation 
is that the average fitness of the population will increase each round and that 
eventually very good solutions to the problem will be discovered. 

Genetic algorithms have been used to solve large, complex scheduling 
problems, such as scheduling airline crews to meet flight requirements while 
minimizing total costs and staying within federal guidelines on maximum crew 
flight hours and required hours of rest. Genetic algorithms have also been used 
to design mirrors that funnel sunlight to a solar collection and radio antenna 
that pick up signals from space. 

Another AI application, intelligent agent (also called an intelligent robot 
or bot), consists of programs and a knowledge base used to perform a specific 
task for a person, a process, or another program. Like a sports agent who 
searches for the best endorsement deals for a top athlete, an intelligent agent 
is often used to search for the best price, schedule, or solution to a problem. 
The programs used by an intelligent agent can search large amounts of data 
as the knowledge base refines the search or accommodates user preferences. 
Often used to search the vast resources of the Internet, intelligent agents can 
help people find information on any topic, such as the best price for a new 
camera or used car. 


Artificial Neural Networks 


An increasingly important aspect of AI involves artificial neural networks, also 
called neural nets. An artificial neural network is a computer system that can 
recognize and act on patterns or trends that it detects in large sets of data, devel- 
oped to operate like the human brain. Developed in 1943 by Warren McCulloch 
and Walter Pitts, neural networks were designed to review patterns and make 
decisions based on these patterns. The human brain is connected by neurons 
through which information is filtered so that we can make decisions based on 
the data that is input through our senses. In much the same way, data is col- 
lected and input into an artificial neural network and then filtered through net- 
worked connections that have a value associated with them. These values lead 
the program to make decisions that lead to a final result. The program is trained 
through supervised learning, through the machine learning process, which is 
discussed later in the chapter. One example of an artificial neural network is the 
feedforward neural network. A feedforward neural network is a network where 
the information flows only in the forward direction, instead of in a circular 
motion. Most networks will feed data back into the pattern, creating that cir- 
cular pattern. Feedforward neural networks will send the information forward, 
creating a straight pattern. Researchers at the University of British Columbia 
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FIGURE 11.8 


A neural networks process 


from training through result 
Neural networks are trained, receive 
input, and then process the informa- 
tion through weighted connections 
until a result is found. 
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have trained this network using data representing different temperatures and 
pressures from the Pacific Ocean to predict underwater volcano eruptions. Vol- 
canic eruptions can cause tsunamis along the western coast of North America, 
and predictions from this neural network are designed to give people more 
advanced warning when it becomes necessary to evacuate the coastal areas.” 

So the question remains, “How does the artificial neural network learn?” 
Just as a child learns new things, an artificial neural network is programmed to 
learn from each iteration during the training phase—a process that continues 
even after the system is implemented. Think back to when you first learned to 
ride a bicycle. Training wheels likely kept you upright while you learned how 
to pedal and steer. You were learning how to maneuver the handlebars while 
also working the pedals. Once the training wheels were removed, you also had 
to learn how to balance the bicycle, along with pedaling and steering. Each 
change required you to learn a new skill. The same approach is used with neu- 
ral networks. Input is given, and feedback is received. The feedback is used to 
weight the connections, meaning it takes all the options and assigns the most 
“points” to the choice with the most feedback. The next iteration looks at the 
choices and takes the one with the highest weight based on the situation, see 
Figure 11.8. One difference between the human response and the computer 
response is an emotional one. A child riding a bicycle may experience an emo- 
tional response to success or failure while a computer will give an unemotional 
answer to a given question. 
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RECOGNITION 
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Neural networks are used in many industries, with more applications contin- 
ually in development. NASA has been experimenting with neural networks for 
over twenty years with its Intelligent Flight Control System, which helps pilots 
land planes after they sustain battle damage or experience major system failures. 
Google saw a 55-85 percent reduction in translation errors after implementing 
its Neural Machine Translation, which converts entire sentences from one lan- 
guage into another. Email software uses neural networks to differentiate spam 
email from genuine email, and you may be using neural networks if you are use 
a speech-to-text application or a touch screen on your smartphone or tablet.” 


Al and Employment 


In recent years, the debate about the impact of AI on future employment has 
been getting more attention. Will there be jobs in the future, or will computers 
take over the world? AI has already affected many industries, and AI technology 
is being introduced in new industries and new applications at a rapid pace. 
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upskill: The practice of training a 
workforce to perform higher-skilled 
roles to ensure they meet their full 

potential. 


However, the debate over the advantages and disadvantages of new technology 
in terms of job creation is not a new one. 

Automation has often created a fear of job loss. Change can be hard to 
accept when it appears that it will affect your livelihood. In 1811, the Luddite 
movement began when textile workers protested the automation of textile 
manufacturing plants over fears that skilled workers would be displaced. Each 
decade has brought about its own fears of job loss due to automation. In 
the 1930s, machines were blamed for the loss of jobs. In the 1940s, a tax on 
machines was proposed to offset the unemployment rate.” In 1961, President 
Kennedy addressed the nation saying, “the major challenge of the sixties is 
to maintain full employment at a time when automation is replacing men.” 
When personal computers became standard in the late 1980s, employers began 
requiring workers to learn the basics of computers to remain in their positions, 
setting off an era of “computerphobia.” In the long run, however, the introduc- 
tion of new technology has always resulted in more jobs being created than 
were lost. Technology may create cheaper and faster labor, but other—higher 
paying—jobs are often created as a result of the new technology.” 

In 2017, McKinsey & Company conducted a study that examined how 
automation will impact the global workforce by 2030. Included in the calcula- 
tion was the cost of deploying the solutions, the quality and quantity of labor, 
wages, the benefits of automation, and social acceptance. The study estimated 
that approximately 30 percent of the hours worked worldwide could be auto- 
mated by 2030—meaning 400 million to 800 million displaced individuals will 
need to learn new skills and move into new occupations. McKinsey & Company 
does have good news, however. The study estimates that 9 percent of the labor 
demand in 2030 will be in occupations that did not exist before. The study 
also predicted that wages in 2030 will be much higher due to automation. The 
benefits of AI, if managed effectively and efficiently, can drive the economy to 
create jobs instead of removing jobs.” 

A report released by the World Economic Forum titled “The Future of 
Jobs 2018” states that the growth of AI could actually create up to 58 million 
new jobs by 2022. In order for this to happen, organizations must recog- 
nize the talent within their workforce and upskill their workforce to meet 
the demands of new automation. Upskilling refers to training a workforce 
to perform higher-skilled roles to ensure they meet their full potential. The 
organization must also have a strategic plan to move forward. For workers to 
take advantage of this trend, they must take personal responsibility for their 
own training and development. Employees can take advantage of career and 
professional development opportunities, return to school for more education, 
and apply for higher-skilled positions.” 

A report by LinkedIn noted that between 2015 and 2017, the number of 
AI skills listed on individual LinkedIn profiles increased by 190 percent. The 
countries with the highest concentration of AI skills were the United States, 
China, India, Israel, and Germany. These countries headquarter many 
fast-moving companies that are driving AI technology. The LinkedIn report also 
examined identified three skill sets that are complementary to AI: data and 
programming skills, skills to use the products or services powered by data, 
and interpersonal skills. According to LinkedIn’s user base, over the past 
five years, the fastest growing career has been software engineer, with data 
analyst making the top ten list. Administrative assistant was the slowest grow- 
ing career over the past five years.” 

There are many options for a career in AI. Here are six of the top careers, 
according to the Business Student website:*° 


e Data scientist. A data scientist analyzes large data sets to follow patterns 
and find trends, allowing organizations to develop strategic plans and 
make effective decisions in a timely manner. 
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e Machine learning engineer. Computer programmers with a strong 
background in languages such as Python and Java may work as machine 
learning engineers in industries such as technology, aerospace, and 
finance. 

e Software developer. Programmers with complex programming skills 
support the development and deployment of AI and machine learning 
systems in industries such as healthcare, telecommunications, and law 
enforcement. 

e Robotics scientist. Engineers who are responsible for robots, such as 
Alexa and Roomba, develop products that can take years of research and 
development before being released to the public. 

e Business intelligence developer. Data scientists working as business 
intelligence developers look for market trends that make data usable for 
business; these developers often maintain the cloud-based data storage 
systems. 

e Al research scientist. Specialists in machine learning, applied mathe- 
matics, and computational statistics, AI research scientists are respon- 
sible for developing the machine learning solutions for a variety of 
applications. 


Critical Automating with Vision Systems 


Thinking = DECISION MAKING 
Exercise 


Elite Manufacturing (fictional) is a midsized textile manufacturing company. The 
company has been successful over the past forty years in producing high-end sports 
clothing for sporting goods stores and athletic teams. Part of the success for Elite 
Manufacturing has been a team that keeps the company up to date with the latest 
technology. 

The executive leadership at Elite has decided to launch a new line of casual 
wear but wants this part of the manufacturing plant to be automated. The technol- 
ogy team—led by managers Giovanny Miele and Sarah Lunsford—has been tasked 
with researching the best solutions for this endeavor. Each team member has been 
given a different area to research and report back to the group. 

Your area of responsibility is identifying the vision system and components 
needed for the production line. This new endeavor will ultimately move Elite from 
a midsized company to a large company. Your task is to find solutions that will 
manage the capture of images that have proven to be successful with automation. 
Your team is counting on you to have a viable solution to work with their area, 
such as software and infrastructure (cameras), but not the hardware (robots). The 
executive leadership at Elite is looking at the technology team to lead them into 
the future with the successful launch of a new manufacturing venture. 


Review Questions 

1. What advantages might be gained from moving to an AI system, such as a vision 
system, for a production line in place of a person-driven production line? 

2. Can you think of any possible disadvantages to this approach? 

3. What software platforms, or vendors, would be recommended for this type of 
environment and why? 


Critical Thinking Questions 

1. What additional questions need to be answered before you can decide if the 
database as a service approach is right for your firm? 

2. How might such a move affect you and your role? 
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machine learning: The ability of 
a computer to learn without having a 
programmer change the software for 
every scenario it encounters. 


Machine and Natural Language 3 A 


In 1959, Arthur Samuel defined the term machine learning as the ability of a 
computer “to learn without being explicitly programmed.” In other words, it 
refers to a computer that can learn without having a programmer change the 
software for every scenario it encounters. Data analysts use machine learning 
tools to develop predictive analytic models. From each iteration of data, the 
computer will learn from the past process and look for trends and patterns to 
produce reliable results.*! These predictive data models are used by data and 
business analysts to predict future business operations, called predictive ana- 
lytics, enabling faster and more accurate decision making. Predictive analytics 
is not the same as machine learning, but they are linked through predictive 
modeling. 

The terms AI and machine learning are often used interchangeably; how- 
ever, the terms refer to different functionality. As discussed in the previous 
section, AI mimics the function of a human brain. Machine learning, on the 
other hand, involves a computer carrying out tasks based on inputs and a set 
of instructions. The difference between the two is how the information in pro- 
cessed. In machine learning, the algorithms change as the machine learns about 
the information it is processing.” In AI, the process runs through an artificial 
neural network to find the proper response. Both types of systems are learning, 
but the learning process is different. 

Machine learning is a subset of AI, and natural language processing is a 
function of machine learning. We use natural language processing every day 
without realizing we are training a machine to provide better service to the next 
user. Several apps (mobile applications) such as speech-to-text on your cell 
phones, calling customer service with an automated answering system (“Say 
Yes to continue”), and using Google search are just a few of the many examples 
of how natural language processing is used to train a computer. 


Machine Learning Training 


Machines must go through training to develop a basis for learning. Different 
types of machine learning are used in different applications depending on the 
type of data available for the process. Each learning style has the same goal: 
Learn from the patterns, restructure the data into something useful, and return 
an analysis of the data to give an answer to a complex problem. Many of these 
problems are highly complex, requiring speed and accuracy in calculating the 
answers. Machine learning is still learning, though, and in some industries, such 
as healthcare, the answers are still a work in progress. 

See Table 11.1 for a comparison of four machine learning types, which are 
discussed in more detail in the sections that follow. 


TABLE 11.1 Machine learning type comparison?334 


Supervised Learning 


Labeled data set 
Comparative answers 
for feedback 


Semi-Supervised 


Unsupervised Learning Reinforced Learning Learning 
e Unlabeled data set e Unlabeled data set © Combined data set 
© No comparative answers è = Trial-and-error learning © Improves learning 
e Must infer answers from è Interacts with environ- accuracy 
hidden functions ment to discover errors ®© Requires skilled and 
and rewards relevant resources 


èe Relies on feedback to 
determine results 
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supervised learning: Machine 
learning using a labeled data set and 
examples to produce output that is 
compared to a predefined correct 
output. 


FIGURE 11.9 


Labels are applied to data 


used in supervised learning 
Labels are applied to each differ- 
ent section of the picture. Each 
person, group, and movable item 
are assigned a label to help in the 
supervised learning process. 


unsupervised learning: Machine 
learning using an unlabeled data set 
and no examples. The data is labeled 
through observations, and learning is 
through observation. 
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Supervised Learning 
Supervised learning is like a child learning a new game with rules that must 
be learned. The child is not expected to remember every rule during the first 
game. However, as each game is played, the child will remember more rules 
and will become more proficient until they become the expert player. Machine 
learning follows this same pattern for much of the learning process. 
Supervised training begins with a known set of data in a training environ- 
ment. The data must be labeled or have a tag applied to it. See Figure 11.9. The 
data does not have to reside in a structured database, but each piece of data 
must have some type of name associated with it. For example, a picture of a 
mountain must have a tag such as “mountain” associated with it. Without this 
tag or label, the machine cannot associate the correct response when presented 
with another picture of a mountain or when asked a question requiring the 
machine to return a picture of a mountain as a response. 


After the data is provided, examples are input into the system, and the 
machine runs through different scenarios. The output is compared to a pre- 
defined correct answer. The machine “memorizes” or stores these correct 
answers, thus learning from each correct test. 


Unsupervised Learning 

Unsupervised learning is also like a child learning a new game or skill, but 
with no written directions. Imagine sitting in class and watching a demonstra- 
tion of a complex math problem being solved. You are not allowed to take any 
notes, and the instructor works through the problem quickly with no verbal 
explanations. You are then handed a blank sheet of paper with a series of num- 
bers without any instructions. You do not know what the numbers represent, 
but you are expected to figure out the answer to a problem. This is much like 
unsupervised learning. 

Unsupervised machine learning requires a training data set. The data in the 
training set is not labeled, and the machine must learn from observing to infer 
the correct answer. As each algorithm is processed, the computer restructures 
the data into something more useful, adding labels or classes that it can use 
for the next iteration. The computer observes and compares similarity between 
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reinforced learning: Machine 
learning using trial and error on 

an unlabeled data set. Learning is 
gained through positive and negative 
feedback. 


semi-supervised 

learning: Machine learning using 
a combination of supervised and 
unsupervised learning techniques. 


objects to assign these classes. For example, if the data set includes two pic- 
tures of a mountain, a class of “mountain” may be assigned to both of those 
images. In the next test, if there is a question concerning a mountain, then 
these pictures will be retrieved. 

With unsupervised learning, tests do not have formal correct answers. The 
goal of this type of training is for the machine to train itself to learn from the 
input and be in a mode of continuous improvement. We see this in practice 
every time we use an online search engine. If we go to our favorite shopping site 
and enter the search term “oil,” we may see engine oil, cooking oil, essential oils, 
and bath oils in the search results. If we purchase essential oils, the next time we 
search that site, essential oil will likely be a recommended search. The machine 
has learned that our preference in oils is for essential oils and not engine oil. 


Reinforced Learning 


Reinforced learning begins with the same type of training data set as is used 
in unsupervised learning. The data is not labeled, and the algorithms must run 
through multiple iterations to restructure the data into a format that can be 
used in the next sample. The difference comes in the feedback that is received 
in reinforced learning. When a solution is returned, either positive or negative 
feedback is returned from the program, and the machine learns to keep the 
process as-is or to try again with a new method. The machine also uses input 
from the environment in the decision-making process. 

This trial-and-error method of learning emulates the human approach to 
learning. A small child learning to walk will take a step, fall down, look for 
feedback from the parent, and then try again. As we get older, we follow this 
same pattern in learning in school, in sports, and in play. Do you remember 
the first time you played your favorite video game? You had to learn each level 
through trial and error. Each time you failed a level, you learned what not to 
do, and the next time you advanced further in the game. Each decision you 
made had a consequence—some good and some bad. 

Machine learning using this method may result in multiple errors until the 
machine learns how to navigate the data for ultimate success. Each failure is 
recorded, and the machine learns which path not to take in the future. After 
each successful test, a new scenario is given, and the testing resumes. This is 
the type of learning used when training autonomous cars. The input from the 
environment could be from other cars, trees on the side of the road, or even the 
sun reflecting off another car. All of this input provides valuable information as 
the machine decides whether to apply the brakes or increase speed. 


Semi-Supervised Learning 

Semi-supervised learning is a combination of supervised and unsupervised 
learning. The data set contains both labeled and unlabeled data. The labeled 
data is a smaller set of data, with the larger set unlabeled. These systems have 
a greater learning capacity than unsupervised systems. 


Machine Learning Across Industries 


Machine learning, as a subset of AI, continues to affect many industries. As 
more functions become automated, companies will need to increasingly rely 
on machine learning to operate and remain competitive. In our daily lives, we 
use machine learning every day to navigate everything from our Bluetooth- 
connected devices to asking for directions to ordering movie tickets. 

Each industry has unique technology requirements, and machine learning 
is developed to work on an industry-specific basis. Business rules must be 
designed and algorithms developed for each industry before a machine can 
be trained. In this section, we will look at how machine learning has affected 
four major industries. 
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Data Analytics and Cybersecurity 

Data analytics is a growing industry, and more organizations are relying on data 
models to make strategic plans and make decisions that help them become 
more profitable and run more efficiently. Strategic planning and forecasting 
analytical models rely heavily on predictive analytics, and machine learning 
is an excellent platform for predictive analytics. The algorithms built into the 
training provide a basis for predictions, and the calculations can be accurately 
performed at a greater speed than manual. 

Cybersecurity is another industry that is advancing through the use of 
machine learning. Cybersecurity is one of the top risk factors in any organi- 
zation, and an IT department may spend a large portion of its budget protect- 
ing data from hackers. Part of that protection comes in the form of antivirus 
software. A traditional, non-machine learning, antivirus software definition 
looks for a signature of known malicious software. Security software that uses 
machine learning works by finding anomalies in the patterns, or trends, in the 
data. These anomalies may point to suspicious behavior on the network, which 
can mean unauthorized entry or virus activity. According to McAfee, hackers are 
already making use of machine learning in the form of malware. One example 

cryptocurrency: A digital currency, is WaterMiner, a cryptocurrency mining malware program. Cryptocurrency is 

such as Bitcoin, used for financial a digital currency, such as Bitcoin, used for financial transactions. WaterMiner, 

irangactions, a new type of malware distributed through games, which has “learned” to 
hide from monitoring tools, will disable itself when the Task Manager or an 
anti-malware scan is launched on the computer on which the program has 
been downloaded.’ 

One company utilizing machine learning and AI is Palo Alto Networks. Palo 
Alto uses cloud computing to aggregate customer data and improve cyberse- 
curity. Palo Alto founded the Cyber Threat Alliance, along with Cisco, Intel, 
Symantec, and Check Point Software Technologies to share information on 
growing threats and how to defend against them. Palo Alto’s CEO, Nikesh 
Arora, says “security firms may need to build and share adversary playbooks 
as threats evolve.”*37 These companies are either developing in-house AI appli- 
cations or merging with smaller AI companies to increase the cybersecurity 
opportunities. In March 2017, Palo Alto purchased a behavioral analytics firm, 
Light Cyber, and has recently announced an AI partnership with Mist Systems. 


Insurance 


All types of insurance companies gather a tremendous amount of data—about 
their clients, their competition, and the environment—that is used to set pre- 
miums. The automotive insurance industry has turned to machine learning to 
process this data and improve both business operations and customer satis- 
faction. Customers want two things from their insurance company—excellent 
coverage and low prices. For this to happen, companies must be able to ensure 
that the drivers are meeting safety standards. 

Four of the top auto insurance companies are using the same types of 
applications to lower cost and improve their operations. Chatbots and other 
similar applications allow customers to get answers quickly or get advice with- 
out long wait times over the phone. Allstate’s virtual assistant is called ABIe 
(pronounced “Abbie”) and processes over 25,000 inquires a month. Another 
application is driver performance monitoring. State Farm and Liberty Mutual 
have launched apps that will help monitor a driver’s safe driving habits— 
including texting while driving—and give instant feedback in the event of an 
accident. Drivers can send images of the car to receive quotes on damages to 
the vehicle. State Farm is using the app for safe driving to calculate discounts 
for the customer. Progressive Insurance is using predictive analytics algorithms 
on data gathered from drivers using the Snapshot mobile app or plug-in device. 
Most drivers receive a discount after six months of safe driving.’ Each of these 
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optical character recognition 
(OCR): Technology that distinguishes 
printed or handwritten text in a digital 
image, such as a scanned document, 
that is converted into a computer- 
generated document, such as a PDF. 


apps have automated and send the information through an automated process. 
There is not a human on the other end of the chat window. This is an example 
of machine learning, in that the machine has learned how to interpret the 
images sent or the text being sent and return the appropriate response. 

Machine learning also helps insurance companies process claims. Using 
predictive models, created during the machine learning process through mul- 
tiple iterations of testing, insurers can develop a better understanding of costs, 
and the automated processes allow for claims to be processed faster. Some 
claims processing can begin when an accident occurs, as in the case of Liberty 
Mutual, which allows drivers to send images of vehicle damage and receive a 
preliminary quote. Other claims can be proactive in their investigations through 
using optical character recognition (OCR). Tokio Marine, an insurance com- 
pany headquartered in Japan that has coverage in over thirty countries, has a 
cloud-based OCR claims notice system that has reduced the document input 
load by 50 percent and has had an 80 percent reduction in human error. Their 
claims are now being processed faster and with fewer errors.* This system 
can read the complicated characters of written languages, such as Chinese 
and Japanese, and translates them into the computer. Although OCR has been 
around for many years, machine learning has learned how to translate the dif- 
ferent languages and dialects into the correct information that allows insurance 
companies to process claims faster and with fewer errors. 

Fraud has been a problem in the insurance industry since its beginning. 
Auto insurance investigators often find instances of fraud ranging from staged 
accidents to driving with license tags from a different car or even blaming 
another driver for an accident. The investigations into these claims takes time 
and money, and sometimes the claims must be settled in court. The FBI esti- 
mates that the cost of insurance fraud, excluding health insurance, exceeds 
$40 billion annually. Unfortunately, the cost of this fraud is passed on to all 
motorists. Insurance companies are increasingly relying on machine learning to 
improve the accuracy of fraud detection through the use of predictive models. 
As fraud is not predictable, the data sets are not structured, and the unsuper- 
vised learning methodology allows the data to be compared to similar items, 
allowing for fraudulent behavior to be flagged. 

Machine learning has helped the insurance industry lower costs, prosecute 
fraud, and manage business operations. Customer service has increased, based 
on the top four insurance companies, and predictive models continue to grow 
in the insurance industry as machine learning is adopted in more companies. 


Logistics and Supply Chain Management 
Logistics and supply chain management covers everything from manufacturing 
to the transportation industry. Goods must be produced and then transported 
to market. The question is how best to get the supplies to the point of man- 
ufacturing and the completed products to the consumers. This has been a 
logistical problem for every business owner since time began. Predictive anal- 
ysis, known as forecasting, has been used by manufacturers for many years 
to predict how much product needs to be produced for the next season. For 
example, a manufacturer of Christmas ornaments begins receiving orders from 
retailers in June, with shipments starting in early August. This means ornament 
production must begin in April to meet the orders. The manufacturer must 
accurately forecast its production needs so it has the materials on hand and 
can begin producing the product before the orders even arrive. The production 
lines are then scheduled based on when the orders are scheduled to ship, and 
the warehouse is staged for the arrival of the trucks. All of this is accomplished 
through computer scheduling system. 

So how does machine learning work on a much larger scale? The data 
collected in a global manufacturing company, for instance, is massive. The 
variables involved include multiple locations, orders coming in via phone and 
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FIGURE 11.10 


An industrial robotic arm 
gripping a blue plastic box 
container that is put on a 
conveyor belt for transport 
to storage in a smart factory 


warehouse 

The robotic arm moves the shipping 
containers to the conveyor belt for 
transport. If the robot detects a 
problem with the container, it is not 
placed on the conveyor, but is set 
aside for manual inspection. 
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online, multiple payment methods, and different shipping addresses that must 
be accounted for—all while keeping customers happy. The computer systems 
underlying large global operations must run efficiently and provide accurate 
data. Machine learning allows companies to reduce cost while enhancing 
responsiveness. The use of computers results in fewer errors, especially in the 
routine tasks that can be overlooked by humans in a busy high-traffic area. 
The transportation industry makes use of machine learning and algorithms to 
schedule the correct number of vehicles for the minimum amount of freight, 
saving the company shipping costs.*! 

Machine learning involves training computers in the use of visual patterns 
and environmental recognition. This gives companies the ability to isolate 
problems during inspection at an earlier point of production and at a faster rate 
than with traditional methods. The computer can scan supplies before they are 
placed on the production line, inspect each item as it is produced, and then 
check each package as it is moved into the shipping process (see Figure 11.10). 
If an item is damaged, the computer can flag it to be removed. If multiple items 
in a production line are damaged, the computer can quickly determine if the 
machine is at fault and suggest corrections. These processes are extending the 
life of equipment and improving quality management. Production planning and 
scheduling is becoming more accurate as machine learning helps companies 
balance the supplier-to-customer load more efficiently. When the suppliers can 
optimize their delivery schedules, the manufacturers can produce the product 
faster, and retailers and consumers can receive their goods on time.” 


i 
i 
if 
i 
i 
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Healthcare 


AI and machine learning are used in many different ways in the health- 
care industry, and the use of technology is continually expanding, with new 
advances, both in medical research and in operations. Later in the chapter we 
will discuss the use of robotics in healthcare. In this section, we focus on two 
applications of machine learning and how they have affected healthcare. 


Electronic Health Records 

Electronic health record (EHR) systems, which are used in most medical offices 
in the United States, contain a patient’s medical history and can be shared with 
other medical facilities. Patient portals allow patients to view their records 
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An electronic medical record 
shown on computer display 
Electronic Medical Record and 
Electronic Health Record systems 
are the data collection systems in 

a medical office. Machine learning 
uses this data to build the predictive 
models in helping to predict dis- 
ease prevention screenings. 


and send messages to their physicians. After medical providers began moving 
from paper to electronic records, the amount of data collected and stored grew 
exponentially. Medical data comes in both structured and unstructured formats. 
For instance, MRIs, CT scans, and X-rays are now stored digitally and can be 
transmitted to other facilities through EHR software. Medical offices no longer 
must print out large scans and send them via courier to your doctor’s office 
for viewing. 

The amount of data stored in an EHR allows for data analysts to predict 
everything from required staffing levels in the emergency department to dis- 
ease prevention screenings. As discussed in the opening case, machine learning 
is being used in healthcare diagnostics. As more data is fed into the system, 
the learning process detects the predictors of disease, including age, family 
history, environment, weight, along with other factors. Predictive models are 
then created through the machine learning process. Predictive analytics then 
uses these models and the algorithms programmed into the computer to review 
the patient data. When considering disease prevention, one thing that is easily 
programmed is what tests should be offered for each age level. As you reach 
milestone ages, for example, age 50, you will begin to receive reminders that 
preventative tests are due, or suggested, for your age group. You will get these 
reminders until they are scheduled, or your doctor removes the reminders; see 
Figure 11.11. More complex predictions involve the use of unstructured data, 
such as a CT scan, along with the structured data that makes up a patient’s 
medical history. The semi-supervised learning process may be used to pre- 
pare the computer to review scans and predict a diagnosis. The data must 
be reviewed for accuracy, however, as the data (such as family history) in an 
EHR may be inaccurate or incomplete, impacting the validity of a diagnosis. 
According to Ziad Obermeyer, assistant professor of emergency medicine at 
Brigham and Women’s Hospital, “another problem is understanding what it is 
you're getting when you’re predicting a disease in an EHR . . . The biggest chal- 
lenge will be making sure exactly what we’re predicting even before we start 
opening up the black box and looking at how we’re predicting it.”* Patient 
and family history must be complete and accurate for the machine learning to 
create the correct prediction; otherwise, the physicians will be working with 
only partial data. 


EMR Electronic Medical Record 


SS er 


Personal Information Administration h Medical information 


Smoking Status 
Unser ate 


Alcohol 
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Healthcare fraud can cost an 
individual up to $250,000 and 
10 years in prison if convicted 
Healthcare fraud costs taxpayers 
approximately $2 billion a year. 
Machine learning and Al can help 
find and prosecute these criminals. 
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Healthcare Fraud 


Healthcare fraud comes in many forms. There are some people that try to 
gain healthcare benefits when they do not qualify. This may come in terms of 
using a stolen medical identity or claiming benefits after a policy has expired. 
These types of claims cost the insurance companies and medical practices 
thousands of dollars each year, and it is the fraudulent activities of healthcare 
providers that concern insurance and government the most. These cases cost 
insurance companies, medical facilities, and ultimately consumers millions 
each year. In 2018, The Department of Health and Human Services Office of 
Inspector General reported that along with state and federal law enforcement 
officers, more than 600 defendants in 58 federal districts were charged in 
fraud schemes totaling approximately $2 billion dollars in the Medicare and 
Medicaid system. Along with their investigation into fraud, exclusion notices 
were issued to 587 doctors, nurses, and providers concerning opioid abuse 
practices.“ This task force was sending a clear message that healthcare fraud 
in a taxpayer system was being taken seriously. See Figure 11.12. In 2019, the 
Department of Health and Human Services’ issued a request for proposals for 
Intelligent Automation/Artificial Intelligence (IAAD solution services. These 
services would use machine learning to look at the data collected and find the 
data patterns that were not normal to detect fraudulent transactions and help 
to identify suspects.” 


Insurance claims are filed using the same method every time. A physician 
who is committing fraud for monetary gain will not change the method of 
filing, as this would draw attention to the claim. These filings may be for pro- 
cedures or for prescriptions. However, this can also be the way they are caught. 
A lot of fraudulent claims are for the same procedures, visits, or prescriptions 
in a short period of time. Most medical practices will electronically transmit 
prescription to pharmacies. In cases of fraud, a pharmacy may be submitting 
prescriptions under one person’s insurance when they are really for another 
patient, or the pharmacy may submit and be paid for prescription refills that 
have not been ordered by the patient. Machine learning is sometimes used 
to track these patterns to determine when fraudulent billing practices have 
occurred. One company that employs machine learning is SCAN Health Plan. 
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natural language processing 
(NLP): The part of machine language 
that allows computers to understand, 
analyze, manipulate, and generate 
natural language for processing. 


deep learning: Allows programs 
to grow and learn from examples 
provided users, either typed or spoken. 


When the company began receiving complaints from customers about receiving 
refills they had not ordered, it used the Alteryx analytics system to monitor 
the billing data being received from pharmacies in its network. Using the anal- 
ysis, SCAN was able to identify multiple pharmacies with fraudulent billing 
practices—saving the company more than $2 million.“ 


Natural Language Processing 


Natural language processing (NLP) is a part of machine learning that allows 
computers to understand, analyze, manipulate, and generate natural lan- 
guage for processing. This means it translates what it learns into the speaking 
language of choice when “talking” back to you (press 1 for English, 2 for 
Spanish, 3 for French, etc.). Many companies provide natural language process- 
ing help over the phone to guide a caller to the correct department or person. 
For example, when a call comes into a bank, department store, or customer 
service department, the call may be answered by a computer, which offers the 
caller a menu of options. A caller might be prompted to “say the option or 
type in the number of the option to continue.” The natural language processing 
component has been trained to listen for an answer and direct the call to the 
correct person or department. To accomplish this, the computer must learn to 
interpret natural language, as people may respond differently to the prompts. 
One person may say “one,” another may say “number one,” and another may 
say “option one.” Also, voices, accents, and dialects vary significantly, which can 
impact the computer’s ability to interpret a response. If the computer cannot 
correctly interpret the option given, it will direct the caller to try again or will 
transfer them to an operator. This can sometimes be frustrating for the caller, 
but in a system that makes use of machine learning, the computer is learning 
from this process to make it easier for the next caller. 


Search Engines 


Natural language processing is widely used in search engines. Each time a 
search is entered, the engine must interpret what the user is looking for and 
return the relevant results in a timely manner. If the search engine spent time 
asking questions to clarify the meaning of the search, the user would likely turn 
to another software to get answers. One of the challenges is in how computers 
“listen” and how humans speak. Computers expect to hear a programming 
language, and humans speak in a variety of ways. Every language may have 
different dialects, including slang, and the context of the sentence may cause a 
word to have a different meaning. For example, the sentence, “that’s just great,” 
may mean a person is very happy with the outcome of a test. However, if they 
came out of work to find a flat tire on their car, the same sentence could mean 
extreme disappointment. The computer must learn the context of the sentence 
to interpret it correctly. 

A search engine must look at all the words entered or spoken into the 
search field to determine which result to display. When searching for “cloud 
computing,” the program must look at both words to determine that the search 
is not for the puffy white clouds in the sky, but rather a type of data storage. 
The more direct the search term, the more relevant the responses will be. Most 
search engines now also return a list of “also asked questions” to determine if 
there is another way of asking the same question or to present additional ques- 
tions that have been asked about the same topic. These algorithms are built 
into the search engines, but the learning process that builds the algorithms 
continue to learn as they are used. This is called deep learning. Deep learning 
allows the programs to grow and learn from the many examples provided by 
the users, either typed or spoken. This is also how a speech-to-text application 
is trained. Each time you use the speech-to-text app on your smartphone, it 
learns more about your voice and how you say your words.“ 
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Google Translate mobile app 
The Google Translate app allows 
quick and easy translations on any 
mobile device. 


brain computer interface 
(BCI): Technology that interacts with 
a human’s neural structure (brain) and 
translates the information (thoughts) 
into activity (actions). 
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Translators 


Online translators must be trained in more than just word-to-word translations. 
Grammar rules and punctuation can make a difference on how a sentence is 
read and how it is interpreted in another language. Figure 11.13 shows the 
Google translator app that is easy to use. Some translations are more difficult 
than others. The simple translations are those where the words have a one- 
to-one match. The harder translations have a different sentence structure. For 
example, in the sentence, “Look at the red car,” the Spanish translation is “Mira 
el carro rojo.” Notice that the adjective in the Spanish translation “rojo” (red) 
comes after the noun “carro” (car), but in the original sentence, the phrase 
appears as “red car.” The algorithm must translate the entire sentence, not just 
the word. 


PixieMe/Shutterstock.com 


Translation apps for mobile devices must also be trained for speech rec- 
ognition. When using an app for business, it is important to know that the 
translator is accurate, and it has been trained for your voice. If the translation 
is incorrect, there is a risk of offending someone and losing business. If you 
are the customer and using a translator to purchase items, you may purchase 
something you did not want or in quantities that you do not need. 


Brain Computer Interface 


AI involves trying to make a computer work like the human brain. The com- 
puter needs to accept input, process information, and make a decision based 
on a set of parameters. The computer must be programmed to make these 
decisions. To make a computer truly think and act like a human, scientist have 
spent years studying the human brain. The brain computer interface (BCI) is 
technology that interacts with a human’s neural structure (brain) and translates 
the information (thoughts) into activity (actions). See Figure 11.14. Experiments 
in BCI have been ongoing for fifty years. The first successful experiment was 
published in 1977, when a patient was able to move a cursor across a screen 
using only the brain’s electrical signals. Once a successful trial was completed, 
the door was opened for other areas of research and development in the 
medical field.* 


Medical Research 

The medical field is seeing tremendous growth in the use of BCI technology. 
Researchers have been working on devices such as the cochlear implant, which 
uses BCI to give the deaf or severely hard-of-hearing patients “the sense of 
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FIGURE 11.14 


Woman wearing a 


brainwave-scanning headset 
To map the brain accurately, a 
brainwave-scanning headset must 
be worn during testing. The infor- 


mation is translated into activity. 
Shutterstock: 1036798282 


Cochlear implant 

The Cochlear Implant picks up sig- 
nals and converts them into sounds 
allowing hearing impaired persons 

to hear. 


sound.” The device picks up signals and sends them directly to the brain via the 
auditory nerve. This is different from normal hearing, and it uses both an exter- 
nal and implanted device to receive and process the sound; see Figure 11.15.” 


BCI is being used in other areas as well, including the development of 
prosthetic limbs. You are reading this book, either in print, online, or through 
a reader. Did you stop and think about the steps you used to open or start 
the book? For a traditional printed book, did you concentrate on moving your 
arm, then hand, and then fingers to lift the book, open the cover, and turn the 
page? For an online book, did you think about how you clicked on the book, 
or selected the reader? How did you select the right spot in the book to start? 
If you have a prosthetic limb, these are the steps that must be taken for the 
arm to work. BCI can makes these steps possible, and with more advanced the 
technology there comes a higher level of function and control for the patient. 
Advanced research conducted at Johns Hopkins University has produced a 
prosthetic limb that can perceive both touch and pain. This research took many 
hours of mapping, but the result was that the patient could “feel” again through 
the artificial limb. The research is ongoing, and prosthetics will continue to 
become more sophisticated as BCI technology advances. 
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Research is also being done on other types of injuries and diseases. Every 
day patients arrive in emergency rooms after accidents that have caused spinal 
cord damage or other trauma resulting in a loss of speech or motor function. BCI 
can help to restore these functions. Leigh Hochberg, director of the Center of 
Neurotechnology and Neurorecovery at Massachusetts General Hospital has set 
a challenging goal for her department: “If I’m in the neurology ICU on a Mon- 
day, and I see someone who has suddenly lost the ability to move or to speak, 
we want to restore that ability to communicate by Tuesday. By using a BCI and 
AI, we can decode the neural activities associated with the intended movement 
of one’s hand, and we should be able to allow that person to communicate.”*! 


DARPA 


The Defense Advanced Research Projects Agency (DARPA) has long been 
involved with BCI technology. In 2013, President Obama announced the BRAIN 
(Brain Research through Advancing Innovative Neurotechnologies) Initiative 
with the goal of uncovering new treatments and cures for brain disorders such 
as Alzheimer’s, epilepsy, and traumatic brain injury. DARPA worked to support 
this research initiative with several programs. Two of these programs were 
the RAM (Restoring Active Memory) program and the RAM-Replay program. 
These two programs were designed to help restore a patient’s memory, retrieve 
existing memories, and facilitate new memories in patients who have sustained 
a traumatic brain injury or contracted a neurological disease.” 

DARPA has continued its research into BCI, and in 2015, in an experiment 
it conducted jointly with the University of Pittsburgh, a paralyzed individual 
was able to control multiple aircraft in a flight simulator through a surgically 
implanted microchip. The significance of this study was that the individual was 
able to receive signals from each of the aircraft, thus proving the concept of 
a bi-directional interface. The operator could sense the environment around 
each aircraft, understand if the surroundings held potential threats, and react 
accordingly.” 

Battelle, an Ohio-based nonprofit focused on applied science and technol- 
ogy development, was awarded a contract in 2019 by DARPA to research and 
develop a solution for DARPA’s Next-Generation Surgical Neurotechnology 
program (N°). N? is intended to be a bi-directional BCI that will work with 
healthy service members as a minimally invasive device. N? would allow for 
multitasking during critical missions. The goal of the program is to create a 
BCI-based solution that soldiers can use for functions such as communication 
and control of cyberdefense systems and unmanned ground and air vehicles.** 
Battelle’s system, called BrainSTORMS (Brain System to Transmit or Receive 
Magnetoelectric Signals) is a system that will be temporarily introduced into 
the body via an injection. The nanotransducer would be placed into a specific 
area of the brain and would communicate with a receiver in the soldier’s hel- 
met. Once the nontransducer is no longer needed, it would be magnetically 
guided out of the brain to be naturally processed out of the body. The Air Force 
Research Laboratory will conduct the human demonstration studies before the 
finalized product is released. This contract is expected to cost DARPA approx- 
imately $20 million over four years.» 


Critical Intel Profits from Al 


Thinking 2 INFORMATION TECHNOLOGY 
Exercise 


Intel has incorporated AI, machine learning, and advanced analytics into the many 
of the organization’s key departments, and it is paying off for the company in a 
big way. In its 2018-2019 IT Annual Performance Report, Intel reported that this 
strategic move has delivered over $1 billion in business value. Paula Tolliver, Intel’s 
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Robotics 


robotics: Technology using 

a combination of mechanical 
engineering, computer science, and 
machine learning to create a device 
that can perform tasks with a high 
degree of precision. 


vice president and chief information officer, had this to say, “Intel is pushing the 
boundaries in areas such as AI, 5G, and autonomous vehicles, and Intel’s Infor- 
mation Technology team is a critical partner in this work.” The data has shown 
a significant saving in hours with the new technology. The time-to-market has 
decreased by 52 weeks with the implementation of machine learning, and over 
930,000 people-hours have been saved per quarter with updated applications and 
faster deployment of systems.” Without the use of AI, the applications could not 
have been updated and deployed as fast and the time-to-market would not have 
been decreased. Intel relies on this competitive edge to stay a market leader. 

Two areas targeted by Intel were sales and marketing and supply chain man- 
agement. In sales, Intel piloted its Sales Assist program, which collected more data 
for analysis. Sales Assist allows customers to put in their orders, both for sales and 
fitting room orders. This technology is being used in brick-and-mortar stores. This 
technology enabled the account managers to service the customers more efficiently, 
with a $46 million positive impact on sales, as well as gather sales and interest data. 
Machine learning has helped Intel transform its supply chain management system 
to optimize parts inventory and delivery systems. Intel has 600 facilities in 63 
countries, so the logistics of manufacturing and delivery take complex algorithms 
and a large amount of data to be accurate. The predictive models allow for more 
accurate forecasts on where the supplies need to be shipped and the shipments 
can be staged more efficiently. The implementation of an automated system has 
increased savings by $58 million.” 


Review Questions 

1. Why is supply chain considered a “key area” for Intel in terms of AI and 
machine learning? 

2. Can you think of any possible disadvantages for Intel moving to AI? 


Critical Thinking Questions 

1. Intel is not a new technology firm. Why do you think its move to AI has taken 
so long, and do you think this has helped or hurt the organization? 

2. If you were a managing director in the information technology department, 
what departments would you advise Paula to target next and why? 


E i 
as a 


Robotics is a combination of mechanical engineering, computer science, AI, 
and machine learning used to create a device that can perform tasks with a 
high degree of precision. Most of these tasks are deemed tedious or dangerous 
for humans. The idea of robots is not new; cartoons dating back to the 1960s 
portrayed robotic housekeepers and pets. However, we are now beginning to 
see practical applications of robotics in many areas, such as manufacturing, 
healthcare, gaming, and logistics. Drones are being used to deliver packages, 
robots are used to vacuum homes, and toy dogs are entertaining children. 
Pittsburgh, Pennsylvania, is becoming a center for robotics, as technology 
firms populate the city’s “Robotics Row.” The need for employees in the 
field of robotics has continued to grow, and in an effort to help fill that need, 
Pittsburgh-based Carnegie Mellon University began offering an undergraduate 
degree in AI through the university’s School of Computer Science in 2018. 
According to Andrew Moore, dean of the School of Computer Science, “Spe- 
cialists in artificial intelligence have never been more important, in shorter 
supply, or in greater demand by employers.” Reid Simmons, the director of the 
new program whose personal research has focused on mobile robots, says, 
“By combining the strengths of a number of the departments of the School of 
Computer Science, we were able to put together a comprehensive curriculum.” 
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Cartesian robots can be used 
for 3D printing 

This 3D printer is a cube-shaped 
printer capable of printing complex 
designs. 
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This curriculum will give the students a full education in AI, machine learning, 
robotics, as well as the ethics to govern their actions.” 


Industrial Robots 


Robots have a different look-and-feel in the industrial world than in healthcare 
or household products. Industrial robots are designed for speed, accuracy, and 
safety. The size and look of industrial robots is dependent on the application 
for which they are designed. Some are large models that work independently, 
while others are small and designed to work with humans. In the following 
sections, we discuss three of the most common types of robots used in indus- 
trial applications. 


Cartesian Robots 


Cartesian robots take up a smaller space, called a footprint, and move in 
straight lines. One of the most common applications for Cartesian robots is 
for 3D printing (see Figure 11.16). These robots are easy to program, can be 
customized for many different projects, and come in different shapes and sizes, 
based on the needs of the company. 3D printers may be more cube-shaped than 
other types of robots, based on what they will be printing. Although easy to 
use, assembly can become very complex based on the level of customization. 


Kjpargeter/Shutterstock.com 


SCARA Robots 


Selective Compliance Assembly Robot Arm (SCARA) robots are easier to inte- 
grate into complex printing designs than Cartesian robots. SCARA robots have 
both a lateral movement and a rotary movement, and they can move faster 
than Cartesian models (see Figure 11.17). SCARA robots are often used in the 
biomedical field because they are faster and have a wider field of movement.*! 
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FIGURE 11.17 


SCARA robots are faster and 
can have both lateral and 
rotary movements 

SCARA robots can print faster than 
a standard 3D printer and are used 
widely in the healthcare field. 


Articulated robotic arms 
mimic the movement of a 
human arm 

Articulated robotic arms are used 
widely on manufacturing production 
lines because they can function 
much like a human arm. 


A 
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Articulated Robot 


An articulated robot (see Figure 11.18) is made to function like an arm. These 
robots may have ten or more rotary joints that can move up and down like an 
elbow but that can also twist. Articulated robots are frequently used in indus- 
trial manufacturing settings, such as on automotive lines, as they can move 
quickly and with precision. The unique twisting joints allow articulated robots 
to accomplish tasks that could be hazardous for humans.6>6 


Andrey Suslov/Shutterstock.com 


Industry Applications 


Robotics, along with AI and machine learning, is being applied in many indus- 
tries, but the automotive industry was one of the first industries to embrace 
robotics. At one time, there was fear that robots would take over the auto 
manufacturing plants and workers would lose their jobs, especially because at 
the time robots were introduced into the auto industry, they were found very 
few other industries. In fact, in 2005, over 90 percent of all robots were in the 
auto industry; see Figure 11.19. However, according to the former CEO of the 
Center for Automotive Research, Dr. Jay Baron, “Without this automation, our 
factories would have been obsolete a long time ago. Automation is necessary 
for safety, quality, and productivity.” 
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FIGURE 11.19 


Robots working on an auto- 


motive production line 

The articulated robotic arms allow 
the automotive production line 

to move quickly with precision 
movement. 


CHAPTER 11 e Artificial Intelligence (Al) and Automation 435 


The auto industry has made use of collaborative robots (or “cobots”) to 
work with humans on the manufacturing lines. Cobots handle work that is hard 
on a person and could cause repetitive injuries. These cobots are programmed 
to work with humans by knowing the environment and moving out of the way 
when something is blocking their path. The cobots handle the dangerous work, 
leaving the work that requires intelligence to the humans. One plant where 
cobots are used in Detroit builds three models of cars on one assembly line. 
According to the plant’s general manager, Marty Linn, cobots perform tasks 
such as stacking tires and using glue that is heated to a very high temperature 
to apply fabric to the ceiling of the cars. Both of these jobs can cause injuries, 
and employees hated being assigned these tasks. 

Healthcare is another industry that has seen a rapid rise in the use of 
robots. While it may seem that robotics is new in healthcare, the da Vinci® 
Surgical System (da Vinci®) has been on the market since 2000. The da Vinci® 
system allows for minimally invasive surgery by giving the doctors control 
of instruments via a console. The correct term is robotic-assisted surgery, 
although some people erroneously believe that the robot is performing the 
surgery. The physician works behind a console to control the robotic arms (see 
Figure 11.20). The jointed arms can twist in ways that human arms cannot, 
giving the surgeon greater flexibility (see Figure 11.21). The console has a 3D 
high-definition screen, which magnifies the view, so the surgeon often has to 
make fewer incisions, and the recovery time for the patient is lessened.© 

Many pharmacies now use robots to prepare medications and IV solutions. 
According to Cerner, a leading EHR provider, robots working in the pharmacy 
can receive orders to prepare intravenous medication and deliver them, along 
with the appropriate syringes, to the patient’s floor to be administered. These 
same robots can dispense and label medication using barcoded inventory. These 
robots are not replacing pharmacists, as oversight is still needed and human 
interaction with patients must be available. However, the robots are making 
pharmacies more efficient and reducing errors during peak volume times.” 


What’s Next 


What can we expect next in the world of robotics? 
One hospital in San Francisco has “delivery robots” that bring lunches to 
patients and carry specimens to labs. Some of these robots are programmed 
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FIGURE 11.20 


Surgeon working the controls 
of the da Vinci® Surgical 


System 

The da Vinci® Surgical System 
allows surgeons to use robotic arms 
to perform precise movements that 
would be very hard to accomplish 
by hand. 


The da Vinci® Surgical 


System uses instruments 
controlled by a surgeon at 


a control panel 

The da Vinci® Surgical System 
allows for minimally invasive surgery 
and a reduced recovery time. 


to use the elevators and open doors to maneuver around the building. Other 
robots are being trained as in-home care givers. Robots that are able to com- 
plete tasks such as cleaning, helping someone out of bed or get dressed, or 
even bringing food could help someone who needs assistance but wants to 
stay in bed.® 

Robots are already becoming more commonplace in our everyday lives, 
and companies are working on new ideas to make our work and home lives 
easier, with more inventions continually hitting the market. If you go to your 
favorite online shopping site and search for “robot” you will likely receive infor- 
mation about robotic toys, security robots, and even robotic window cleaners. 
We are already seeing autonomous cars on the road, and many of us have 
voice-activated devices that turn on our lights and mobile devices that allows 
us to ask questions and receive accurate and relevant answers. Ikea is working 
on a robotic kitchen assistant, and our online purchases may soon be delivered 
by drones.® What could possibly be next? 
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Critical Left Hand Robotics 


Thinking 2 INFORMATION TECHNOLOGY 

Exercise 
Left Hand Robotics was started in 2016 by Terry Olkin and Mike Ott with the goal 
of helping business owners and managers, governments, and large property owners 
more efficiently maintaining their landscape to meet the needs and expectations of 
their customers, residents, and tenants. Property maintenance is time consuming 
and, depending on the weather, can be hazardous. In times of high heat or extreme 
cold, employees working outside can become ill because of the temperature. Left 
Hand Robotics has designed commercial-class robots that can mow lawns and 
remove snow for these businesses.” These robots can be programmed to just start 
and go. The programming takes over, and the machines can run autonomously 
without the need for monitoring. Left Hand has a program to set the path of the 
mower or snow removal robot. After the robot is set in position and started, it can 
be monitored via mobile and Web apps, so the operator does not have to be on-site 
while the machine is running. This allows for multiple robots to be running at one 
time. Colorado City used the robot in 2019 to clear snow and was pleased with the 
result. The city staff has also begun using the robot for mowing and estimates an 
annual savings of over $800 per acre.” 


Review Questions 

1. What advantage, other than monetary, would these types of robots provide to 
customers? What are some of the disadvantages they might have? 

2. To what industries could Left Hand Robotics market the robots? 


Critical Thinking Questions 

1. What could be the impact on employment if city and county agencies utilize 
more of these types of robots? 

2. Left Hand Robotics currently makes mowers and snow removal robots. What 
other commercial-grade robots would you suggest they design? 


Principle: 


Organizations are developing new technology using artificial intelligence 
and expert systems. 

Artificial intelligence has been in research and development for many 
years. Scientists have been trying to find ways to make a think and act like a 
human. The Turing Test has not had a clear winner since 1951. 

Artificial intelligence goes beyond running a program and receiving a 
report. AI is the ability to use that knowledge for intelligent behavior. Since 
computers were first put into practice, they were able to read from a database 
and create a report. They must now “think” about the data and quickly solve 
a problem, understand a visual image, and use heuristics or fill-in-the-blanks 
when information is missing to come to a conclusion. 

Expert systems are the most complex of the AI systems. These systems 
are designed to handle the most complex problems and the results must be 
accurate. These systems are used in fast-paced environments where decisions 
must be made reliably, understandably, and there needs to be a rapid response 
time. The testing for these systems is extensive, as most of these systems are 
placed into situations that affect people’s safety. Aviation is one example that 
uses expert systems to determine a pilot’s ability to fly. 

An expert system has many components. Each system must have a knowl- 
edge base to pull from. The base stores all the relevant knowledge and must 
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be kept up-to-date. If this data is not accurate, then any decision made by the 
system will not be accurate. A development engine builds the rules and pro- 
cesses that run the system. The inference engine seeks out the data from the 
knowledge base and delivers the decision. This is considered the most import- 
ant component of the expert system. The explanation of the facility component 
allows the user to trace the findings of the system. This gives the user a better 
understanding of the “thought” process of the expert system in the decision 
making. The knowledge acquisition facility is how the knowledge base is cre- 
ated and updated. Specialized software allows the users and decision makers 
access to the knowledge base to keep the data current. The user interface 
allows for the input and output of data. The input could be a typed command, 
scanned document, or verbal instruction. The output could be a written report, 
verbal report, or image. 


Principle: 


As companies implement more automation, artificial intelligence, and 
expert systems, organizations must strategically plan for a potential 
impact on future employment. 

Vision systems allow the computer to store and manipulate visual images. 
Augmented reality is taking vision systems to another level by allowing the 
images to be brought into reality without leaving the room. Augmented reality 
is different from virtual reality in that the image is superimposed over your sur- 
roundings. Virtual reality places you into a situation, while augmented reality 
places an image into your space. 

Artificial neural networks are being used to recognize patterns of data in 
large data sets. Neural networks are programmed to work like the human brain. 
Each set of test data is run through the many cycles of testing, so the path- 
way is built to recognize a pattern of data. Any deviation of the pathway must 
build a new neural net, if the outcome is a desired answer. Data is collected 
and programmed into the system to create these networked connections. The 
computers use a supervised method of learning, much like machine learning 
training. A type of reinforced learning is used, as feedback is given for each 
cycle. A “weight” is applied, so the algorithm knows which route to take the 
next time the same situation happens. These two methods of training allow the 
neural network to work like a human brain. 

Since before the Industrial Revolution, there has been a fear that machines, 
and now computers, will eliminate all jobs and “take over the world.” As his- 
tory has shown, the more automation has been brought into industries, the 
more jobs have been created in other areas. Artificial intelligence will have 
an impact on employment in the future. The question is not if or where, but 
how it will affect employment. There is responsibility on the organizations to 
train employees for the future. If a company is moving to more automation, 
there will be a shift in the types of employees needed. More training can be 
provided, and employees can transition into different areas of the company. 
However, the employee is also responsible for their education. In a world of 
technology, accepting the provided professional development and training from 
their company, or financial assistance for more education, is the responsibility 
for the employee. The more AI develops, the skills of the employee will need 
to develop. These more advanced skills will also demand a higher wage. 


Principle: 


Organizations are relying on machines to learn from processes to gain 
better outcomes. 

In the world of AI, machines must learn new things. Much like humans are 
trained for a new a career, how to play an instrument, or how to drive a car, 
machines must be taught how to make decisions and perform tasks based on 
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what is around them. Each decision is made based on a set of parameters and 
the method of training determines how the machine will react. 

Each type of training uses large sets of data. Some of the data is labeled 
and some is unlabeled. Labeled data has a name, or tag, associated with the 
items, such as a picture of an elephant will say “elephant.” Unlabeled data will 
not have a tag, or name, on the item and the computer will have to assign a 
name based on other information that is available. 

Supervised learning uses labeled data and has answers available during 
training. The machine is put through many different scenarios with a given 
outcome that can be verified at the end. When a correct outcome is verified, 
the algorithm is saved, and the next test begins. Each correct algorithm is used 
to build a master list of outcomes and each test will be more difficult. This 
method allows for the machine to learn a specific set of scenarios where the 
variables are known. 

Unsupervised learning uses unlabeled data and does not have answers 
available during training. Many of the answers must come from data that is 
hidden within functions of the data. The machine observes through input it 
receives from the users and then applies labels to the data. As the computer 
receives more input, the data is restructured into a more usable format with 
labels attached. The computer is training itself into what the user wants and 
needs to return a correct answer. 

Reinforced learning also uses an unlabeled data set for training. This 
method works on a trial-and-error basis and interacts with the environment 
to receive more input. The feedback includes an error and reward system. 
When an error is returned, the result is recorded, and the machine knows to 
avoid that path in the future. This type of learning is an ongoing process for 
the machine. 

Semi-supervised learning uses both labeled and unlabeled data. A com- 
bination of learning techniques is used to train the machine, which improves 
the learning accuracy of the machine during the training. This type of learning 
requires skilled resources and relevant scenarios. The learning capacity of 
machines is greater using this method, as the machine is learning to restruc- 
ture the data into a usable format and is receiving feedback on the decisions 
it is making. 


Principle: 


Robots are becoming more interactive in business, with new applications 
being introduced at a rapid pace. 

The field of robotics is more than just a new way of programming. Robot- 
ics combines mechanical engineering, computer science, and AI to create a 
robot that will operate the complex algorithms needed to perform. A machine 
learning method will be selected based on the application the robot will 
perform. 

Robots are being used in many different industries, and more applications 
are being developed. We are seeing more uses each year in medicine, manufac- 
turing, and logistics. Robots are being used for surgery, auto assembly, package 
delivery, and in education. The Cartesian, SCARA and Articulated robots are 
used in the industrial industry. Each of these robots have a unique appearance 
and are built for a specific type of performance. The da Vinci® surgical robot is 
built for minimally invasive surgeries. Although each of these robots have been 
in use for years, each of them is continually being improved for additional use. 
Research and development continue for these industries, and many others, to 
make organizations more efficient. 

Robots have been in science fiction movies for over fifty years. Now, they 
are becoming employees in our companies, and we are relying on them in our 
daily lives. 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


440 PART 3 @ Business Information Systems 


artificial intelligence (AD 
artificial intelligence (AI) systems 
artificial neural network 
augmented reality (AR) 
backward chaining 
brain computer interface 
cryptocurrency 

deep learning 
development engine 
domain expert 
explanation facility 
expert systems 

forward chaining 
genetic algorithms 
heuristics 

IF-THEN statements 
inference engine 


intelligent agent 


intelligent behavior 

knowledge acquisition facility 
knowledge base 

knowledge engineer 

knowledge user 

machine learning 

natural language processing (NLP) 
optical character recognition (OCR) 
perceptive system 

reinforced learning 

robotics 

rule 

semi-supervised learning 
supervised learning 

unsupervised learning 

upskill 


vision systems 


Self-Assessment Test 


Organizations are developing new technology using 
artificial intelligence and expert systems. 


1. The people, procedures, hardware, soft- 
ware, data, and knowledge needed to 
develop computer systems and machines 
that can simulate human intelligence process 
include : , and 


2. A trial-and-error method of problem solving 
used when an algorithmic or mathematical 
approach is called : 

3. Characteristics of expert systems include all of 
the following except 

Highly effective 

Understandable 

Reproducible 

Capable of critical decision making 


aor. 


As companies become more automated through the 
use of artificial intelligence and expert systems, 
organizations must strategically plan for a potential 
impact on future employment. 


4. An artificial neural network does all of the fol- 
lowing except 
a. Looks for patterns in large data sets 
b. Reacts to emotional stimulation 


c. Uses feedback in training 
d. Processes multiple attempts looking for the 
correct answer 

5. What type of computer system can recognize 
and act on patterns or trends that it detects in 
large sets of data and is developed to operate 
like the human brain? 

6. The ability to learn without being programmed 
is known as 


Organizations are relying on machines to learn from 
processes to gain better outcomes. 


7. Machine learning and AI are the same thing. 
True or False. 

8. Which of these is not a type of training for 
machine learning? 
a. Semi-supervised learning 
b. Reinforced learning 
c. Supervised learning 
d. Unsupported learning 

9. Natural language processing may be found in 
which of these activities? 

Typing a research paper 

Calling technical support 

Using a microwave 

Taking an elevator 


aor. 
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Robots are becoming more interactive in business, 
with new applications being introduced at a rapid 
pace. 


10. Which of these is not a type of industrial robot? 
a. Cartesian 
b. SCARA 
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c. SCUBA 
d. Articulated 

1. handle work that is hard on a 
person and could cause repetitive injuries. 

12. An functions like an arm, with 
rotary joints that can move up and down and 
also twist. 


Self-Assessment Test Answers 


Learning, reasoning, self-correction 
a 

c 

b 

artificial neural network 

machine learning 


EN A pa EY DA a 


7. False 

8. d 

9. ¢ 

10. c 

11. Cobots 

12. articulated robot 


Review and Discussion Questions 


1. What is the difference between artificial intelli- 
gence and machine learning? 

2. List five characteristics of intelligent behavior. 

3. List and briefly define the key components of an 
expert system. 

4. An engine that builds the set of rules and processes 
used by an AI system best describes what? 

5. Part of the expert system that seeks informa- 
tion and relationships from the knowledge base 
and provides answers, predictions, suggestions, 
often taking the place of a human expert best 
describes what? 

6. A computer system that can recognize and act 
on patterns or trends best describes what? 

7. Which type of learning uses trial and error 
where learning is gained through positive and 
negative feedback? 

8. Define the term development engine. 

9. A computer system that can recognize and act 
on patterns or trends that it detects in large sets 
of data, developed to operate like the human 
brain best describes what? 

10. The technology that interacts with a human’s 
neural structure and translates the information 
into activity is known as what? 


11. Describe how AI, if managed effectively and 
efficiently, can lead to higher rather than lower 
employment. 

12. Describe the differences between AI and 
machine learning. 

13. Discuss the five characteristics of an expert 
system. 

14. Why are inference engines considered one of 
the most important components of an expert 
system? 

15. Explain how augmented reality is being used in 
the medical field. 

16. Explain why systems trained using the semi- 
supervised machine learning method have the 
greatest learning capacity compared to the other 
three training methods. 

17. Describe three industrial robots that are 
described in the chapter. Give an example 
of where the robots could be used in 
industry. 

18. How are cobots being used in industry? 

19. Discuss how robots are affecting employment. 

20. What are some of the research ideas in produc- 
tion for robotics? What could be the future for 
robots? 


Business-Driven Decision-Making Exercises 


1. You are working for a logistics company that is 
expanding. Since opening the company in 2005, 
the company has been a packaging and ship- 
ping company for a tri-state region and is now 


expanding into a national company. The company 
has purchased a logistics firm in another state 

to broaden its customer base and increase its 
warehouse capacity. As an IT director, you have 
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been asked to lead a project team to automate 
the supply chain and logistics systems. Which 
system would you tackle first, or would you opt 
to automate both systems at the same time? Using 
an Excel spreadsheet or a Word document, detail 
what types of automation you think would work 
best for this size company. What types of robots 
are available, and are they sustainable for your 
company? 

You are the IT project manager for a local 
hospital that purchased a robotic surgical 


plant in the IT department. The company has 
four plants, with yours being the headquarters. 
Your team of five IT professionals has been 
tasked to design the new automotive manufac- 
turing production line. Research the best robotic 
technologies available and how they would 
work for your organization. Each member of the 
group should take one of each of these tasks: 
Draw the manufacturing floor plan and place the 
robots and human employees in place, show- 
ing how they will work together. Describe the 
work environment—will the robots and humans 
interact, will they work autonomously, and so 
on. Research the robotics needed, if any, and 


assistance device last year. The surgical sched- 
ule has increased in volume, meaning more 
patients are moving through the surgical floor 
and occupying hospital rooms. The hospital 

is now looking for additional help and has 
asked for your team’s help. Are there addi- 
tional surgical robotic devices available? What 
other robotic devices would be available for 
the hospital? How could these devices help 
and what impact could they have on the 
patients? 


Teamwork and Collaboration Activities 


1. You work for a local automotive manufacturing 


approximate costs. If cameras are to be used, 
what is the optimal placement? 

Your team is working with the government 
designing a new technology for a BCI. 

What type of technology would be help- 

ful for police officers in a crisis such as a 
hostage situation, a terrorist act, or a high- 
speed chase? Separate into groups of three. 
Research what devices are in use today 

and how they can be improved. Using this 
research, draw the groups’ new device design 
and give an example of how it would work. 
Develop a chart that shows what options the 
current devices have and what new options 
your device has. 


Career Exercises 


1. Using what you have learned from this chapter, 
research what education and skills are needed 
for career opportunities in AI, machine learn- 
ing, and robotics. Find colleges and universities 
that offer these types of degrees. Document 
your findings in a Word document or Excel 
spreadsheet. 


2. Research the types of programming languages 
most frequently used in machine learning and 
expert systems. How much education and 
experience are needed to program in these 
languages? Where are most of these jobs 
located? How can you get a start with these 
companies? 


æ DECISION MAKING 


DHL Uses Artificial Intelligence to Transform DHL has been proactive in its approach to technology. 
Logistics Operations Matthias Heutger, senior vice president and global head of 
DHL was founded in 1969 by Adrian Dalsey, Larry Hillblom, innovation explains, “As the technological progress in the 
and Robert Lynn. In the competitive world of logistics, field of AI is proceeding at a great pace, we see it as our 
DHL is one of the world leaders, with a presence in over duty to explore, together with our customers and employ- 
220 countries and over 380,000 employees—which doesn’t ees, how AI will shape the logistics industry’s future.” 

even include the robots that work for the company. DHL is DHL’s Resilience360 Supply Watch software uses both 
also a leader in using AI, machine learning, and robotics to machine learning and natural language processing to look 
enhance its business and satisfy customers. for anomalies in the supply chain process. According to the 
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company, the software scans for “140 different risk catego- 
ries including financial, environmental, and social factors 
among risk resulting from crime, labor breeches, quality 
defects, and supply chain perils such as shortages, capacity 
constraints, and delays.” This software allows DHL to be 
proactive rather than reactive to issues—informing custom- 
ers of issues before the customer becomes aware through 
other means. This level of customer service helps foster loy- 
alty with DHL’s customers. 

Air freight is a large part of DHL’s service. With loca- 
tions in over 220 countries, DHL ships merchandise all 
over the world. As anyone who has ever been to an airport 
knows, flights are not always on time. There are many 
factors that affect schedules—weather, maintenance, crew 
delays, and factors outside normal operations. Because of 
this, DHL has developed a machine learning tool to predict 
air freight transit time based on 58 different parameters. 
The model allows the company to determine, up to a week 
in advance, if a shipment will, or even should, fly. Most of 
these shipments are international shipments. 

DHL delivers over 1.5 billion packages every year. The 
use of robotics is allowing customers to track their packages 
using voice-activated devices, such as Amazon Alexa. These 
devices allow the customer to ask for an update on the sta- 
tus and be connected to customer service if there is a delay. 
Robots are also being used to automate the more repetitive 
tasks and those tasks that can cause injuries. Using machine 
learning training, the robots can then stage the shipments 
for the optimal loading/unloading sequence. 

When making the move to AI and automation, DHL, 
working with IBM, recommends companies use the follow- 
ing four techniques to ensure a successful implementation: 
(1) design thinking to reveal any unmet needs, (2) tradi- 
tional IT management techniques to scope the resources 
needed, (3) Al-specific methodologies for knowledge and 
training, and (4) agile methodologies for continuous devel- 
opment and improvement. 
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Critical Thinking Questions 


1. DHL is being proactive in notifying customers of 
problems. Why would this create customer loyalty? 
Would it not be better to fix the problem and not 
notify the customer? What would you tell the cus- 
tomer in the event of a problem? 

2. Autonomous vehicles and trucks are being tested for 
use in commercial applications. If DHL uses an auton- 
omous vehicle for local deliveries, what else will they 
need to be successful? How can they ensure that the 
packages are received, and how will the packages get 
from the vehicle to the person? 

3. DHL works with home voice-activation devices for 
package tracking. What other features could work 
with these devices that would make logistics and ship- 
ping easier for the customer and enhance loyalty to 
DHL? 
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Principles 


e Organizations that are 


more advanced in their 
planning processes develop 


multiple-year strategic plans. 


Organizations must always 
make a clear connection 
among business objec- 
tives, goals, and projects. 
In addition, projects must 
be consistent with business 
strategies. 


The organizational appetite 
for innovation drives the 
changes within the firm’s 
selected projects and 
processes. 


Learning Objectives 


Describe the four phases of a goals-based strategic planning process. 
Discuss how the seven layers of the strategic planning pyramid can 
improve the planning process. 

Outline a process for prioritizing IS projects and initiatives. 


Discuss why project management is considered to be a core compe- 
tency for many organizations. 


Identify the five highly interrelated parameters that define a project. 


Briefly discuss the 10 knowledge areas associated with the science of 
project management. 


Identify the primary difference between business process reengineering 
and continuous improvement. 


Identify the appropriate strategy to employ with each of five categories 
of innovation adopters. 


lenetstan/Shutterstock.com 


IS in Action 


E-Trade’s Strategic Projects 


Æ SYSTEMS AND PROCESSES 


The online brokerage firm E-Trade was born as online platforms such as AOL and Com- 
puServe were beginning to gain traction in the early 1980s. Founders William Porter and 
Bernard Newcomb were looking to transform an industry based on paper and in-person 
trading, by making online trading available to individual investors. Today, E-Trade is a 
powerhouse in the trading industry. The company, which manages $414 billion in customer 
assets, earned a net revenue of $2.87 billion in 2018. 

Successful companies such as E-Trade know why they are in business. This “why” is 
the company’s mission, or reason for being. E-Trade’s stated mission is “To enhance the 
financial independence of traders and investors through a powerful digital offering and 
professional guidance.” E-Trade understands that its goals and objectives must align with 
its corporate mission statement if it is going to stay relevant and maintain its market share, 
so the company has outlined a corporate strategy that focuses on two key objectives: 
(1) accelerating the growth of its core brokerage business to improve market share and 
(2) generating robust earnings growth and healthy returns on capital to deliver long-term 
value to its stockholders. E-Trade has broken down its first objective into several differ- 
ent goals, including growing its brokerage business by focusing on its corporate services 
channel, through which the company administers corporate stock plans. 

The next step for E-Trade was to identify the projects it would launch in support of 
its stated goals and objectives. Those projects included a new “digital dashboard,” rolled 
out in September 2018, designed to aid stock plan participants who were interested in 
incorporating their plan benefits into a specific investment strategy. The dashboard, or 
planning center, includes multiple tools for users to find out about upcoming events 
related to their stock plan, research potential tax implications and benefits, learn how to 
use their investment proceeds to meet their financial goals, and review other educational 
content specific for their specific stock plan. The mission of E-Trade is to make the traders 
more independent (“...to enhance the financial independence of traders and investors ...”) 
and the corporate strategy is to ensure that their customers “generat(e) robust earnings 
growth and healthy returns on capital to deliver long-term value to its stockholders.” The 
proposed digital dashboard will aid investors in growing their portfolios independently. 


As you read this chapter, consider the following: 


e What is an effective strategic planning process, who needs to participate in it, 
and what are the deliverables of such a process? 
What is project management, and what are the key elements of an effective project 
management process? 
How is innovation linked to business process reengineering and continuous 
improvement? 
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Why Learn About Strategic Planning and 
Project Management? 


Ever since the dawn of the computer age, business and IS executives have been working to improve the 
alignment between business and IS as a top business priority. In this context, alignment means that the IS 
organization and its resources are focused on efforts that support the key objectives defined in the strategic 
plan of the business. This implies that IS and business managers have a shared vision of where the orga- 
nization is headed and agree on its key strategies. This shared vision will guide the IS organization in hiring 
the right people with the correct skills and competencies, choosing the right technologies and vendors to 
explore and develop, installing the right systems, and focusing on projects that will best help the organiza- 
tion meet its mission. Projects are the way that much of an organization’s work gets done. No matter what 
the industry and no matter whether the organization is a for-profit company or a nonprofit organization— 
large or small, multinational or local—good strategic planning coupled with good project management is 
a positive force that enables an organization to get results from its efforts. Knowing the basics of strategic 
planning and project management will make you an extremely valuable resource within any organization. 


This chapter defines strategic planning and outlines an effective process for 
accomplishing this critical activity. It also clarifies the importance of project 
management and outlines a proven process for successful project management. 
Additionally, this chapter looks at the effects of innovation on strategies, proj- 
ects, and organizational processes. Today’s organizations need people who 
can develop strategic plans and use technology to realize corporate benefits. 


Strategic Planning 


strategic planning: A process Strategic planning is a process that helps managers identify desired outcomes 
that helps managers identify desired and formulate feasible plans to achieve their objectives by using available 
outcomes and formulate feasible plans resources and capabilities. The strategic plan must take into account that the 
to achieve their objectives by using a x ie i Sa sig 
available resources and capabilities. organization and everything around it is changing: consumers’ likes and dislikes 
change; old competitors leave and new ones enter the marketplace; the costs 
and availability of raw materials and labor fluctuate, as does the fundamental 
economic environment (interest rates, growth in gross domestic product, infla- 
tion rates); and there is a degree of industry and government regulation change. 
The following is a set of frequently cited benefits of strategic planning: 


e Provides a framework and a clearly defined direction to guide decision 
making at all levels throughout the organization 

e Ensures the most effective use is made of the organization’s resources by 
focusing those resources on agreed-upon key priorities 

e Enables the organization to be proactive and take advantage of opportu- 
nities and trends, rather than passively reacting to them 

e Enables all organizational units to participate and work together toward 
accomplishing a common set of goals 

e Provides a set of measures for judging organizational and personnel 
performance 

e Improves communication among management and the board of direc- 
tors, shareholders, and other interested parties 


In some organizations with immature planning processes, strategic plan- 
ning is an annual process timed to yield results used to prepare the annual 
expense budget and capital forecast. The process is focused inward, concen- 
trating on the individual needs of various departments. Organizations that are 
more advanced in their planning processes develop multiple-year plans based 
on a situational analysis, competitive assessments, consideration of factors 
external to the organization, and an evaluation of strategic options. 
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issues-based strategic 
planning: A strategic planning 
process that begins by identifying 
and analyzing key issues facing the 
organization, setting strategies to 
address those issues, and identifying 
projects and initiatives that are 
consistent with those strategies. 


organic strategic planning: 

A strategic planning process that 
defines the organization’s vision and 
values and then identifies projects and 
initiatives to achieve the vision while 
adhering to the values. 


goals-based strategic planning: 
A multiphase strategic planning 
process that involves analyzing an 
organization and its environment, 
defining strategies, and executing 
initiatives to help an organization meet 
its long-term goals and objectives. 


Where are we now? 
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The CEO of an organization must make long-term decisions about where 
the organization is headed and how it will operate and has ultimate responsibil- 
ity for strategic planning. Subordinates, lower-level managers, and consultants 
typically gather useful information, perform much of the underlying analysis, 
and provide valuable input. But the CEO must thoroughly understand the 
analysis and be heavily involved in setting high-level business objectives and 
defining strategies. The CEO must also be seen as a champion and supporter 
of the chosen strategies; otherwise, the rest of the organization is unlikely to 
“buy into” those strategies and take the necessary actions to make it all happen. 

There are a variety of strategic planning approaches, including issues- 
based, organic, and goals-based. Issues-based strategic planning begins by 
identifying and analyzing key issues facing the organization, setting strategies 
to address those issues, and identifying projects and initiatives that are consis- 
tent with those strategies. Organic strategic planning defines the organiza- 
tion’s vision and values and then identifies projects and initiatives to achieve 
the vision while adhering to the values. 

Goals-based strategic planning is a multiphase strategic planning process 
that involves analyzing an organization and its environment, defining strategies, 
and executing initiatives to help an organization meet its long-term goals and 
objectives. Goals-based strategic planning begins by performing a situation anal- 
ysis to identify an organization’s strengths, weaknesses, opportunities, and threats. 
Next, management sets the direction for the organization by defining its mission, 
vision, values, objectives, and goals. The results of the analysis and direction-setting 
phases are used to define strategies to enable the organization to fulfill its mission. 
Initiatives, programs, and projects are then identified and executed to enable the 
organization to meet the objectives and goals. These ongoing efforts are evaluated 
to ensure that they remain on track toward achieving the goals of the organization. 
The major phases in goals-based strategic planning are (1) analyze situation, 
(2) set direction, (3) define strategies, and (4) deploy plan (see Figure 12.1). 


Analyze Situation 


| 


Where do we want to go? 


i 2 
Sor pisohon How will we get there? 


Define Strategies How do we engage others? 


Deploy Plan 


FIGURE 12.1 


The goals-based strategic planning process 
The overlapping phases of goals-based strategic planning ensure that all company initiatives, programs, and proj- 
ects tie back to specific organizational goals. 


Analyze Situation 


All levels and business units of an organization must be involved in assessing 
its strengths and weaknesses. Preparing a historical perspective that summa- 
rizes the company’s development is an excellent way to begin this strategic 
planning step. Next, a multitude of data is gathered about internal processes 
and operations, including survey data from customers and suppliers and other 
objective assessments of the organization. The collected data is analyzed to 
identify and assess how well the firm is meeting current objectives and goals, 
and how well its current strategies are working. This process identifies many 
of the strengths and weaknesses of the firm. 
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Michael Porter’s Five Forces 
Model: A model that identifies the 
bargaining power of suppliers and 
buyers, the threat of new entrants and 
substitute products, and the existing 
industry competitors, which determine 
the level of competition and long-term 
profitability of an industry. 


FIGURE 12.2 


Michael Porter’s Five Forces 
Model 


This model can be used to deter- 
mine the level of competition and 
long-term profitability of an industry. 


Strategic planning requires careful study of the external environment sur- 
rounding the organization and assessing where the organization fits within it. 
This analysis begins with an examination of the industry in which the orga- 
nization competes: What is the size of the market? How fast is it growing or 
shrinking? What are the significant industry trends? 

Next, the organization must collect and analyze facts about its key custom- 
ers, competitors, and suppliers. The goal is two-fold: capture a clear picture of 
the strategically important issues that the organization must address in the future 
and reveal the firm’s competitive position against its rivals. During this step, the 
organization must get input from customers, suppliers, and industry experts—all 
of whom will likely be able to provide more objective viewpoints than employ- 
ees. Members of the organization should be prepared to hear things they do not 
like, but that may offer tremendous opportunities for improvement. It is critical 
that unmet customer needs are identified to form the basis for future growth. 

The most frequently used model for assessing the nature of industry com- 
petition is Michael Porter’s Five Forces Model, which identifies the bargain- 
ing power of suppliers and buyers, the threat of new entrants and substitute 
products, and the existing industry competitors, which determine the level of 
competition and long-term profitability of an industry (see Figure 12.2). 


Potential entrants 


Threat of 
new entrants 


Bargaining Industry Bargaining 
power competitors power 
of suppliers of buyers 
Suppliers c oy c Buyers 


Rivalry among 
existing firms 


Threat of 
substitute products 
or service 


Substitutes 


The fundamental factors that determine the level of competition and long- 
term profitability of an industry are the following: 


1. The threat of new competitors will raise the level of competition. Entry 
barriers determine the relative threat of new competitors. These barriers 
include the capital required to enter the industry and the cost to customers 
to switch to a competitor. 

2. The threat of substitute products can lower the profitability of industry 
competitors. The willingness of buyers to switch products and the relative 
cost and performance of substitutes are key factors in this threat. 

3. The bargaining power of buyers determines prices and long-term prof- 
itability. This bargaining power is stronger when there are relatively few 
buyers but many sellers in the industry or when the products offered are 
all essentially the same. 

4. The bargaining power of suppliers can significantly affect the industry’s 
profitability. Suppliers have strong bargaining power in industries that have 
many buyers and only a few dominant suppliers and in industries that do 
not represent a key customer group for suppliers. 

5. The degree of rivalry between competitors is high in industries with many 
equally sized competitors or little differentiation between products. 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


Strengths, Weaknesses, 
Opportunities, Threats (SWOT) 
matrix: A simple way to illustrate 
what a company is doing well, where 
it can improve, what opportunities are 
available, and what environmental 
factors threaten the future of the 
organization. 


The strategic planning 
pyramid 

The strategic planning pyramid is a 
top-down approach to identify ini- 
tiatives, programs, and projects that 
are well-suited for the organization. 
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Many organizations also perform a competitive financial analysis to deter- 
mine how their revenue, costs, profits, cash flow, and other key financial 
parameters match up against those of their competitors. Most of the informa- 
tion needed to prepare such comparisons is readily available from competitors’ 
annual reports. 

The analysis of an organization’s internal assessment and study of its exter- 
nal environment is summarized into a Strengths, Weaknesses, Opportunities, 
Threats (SWOT) matrix, as shown in Table 12.1, which provides a SWOT matrix 
for Starbucks.! The SWOT matrix is a simple way to illustrate what the company 
is doing well, where it can improve, what opportunities are available, and what 
environmental factors threaten the future of the organization. Typically, the inter- 
nal assessment identifies most of the strengths and weaknesses, while the analy- 
sis of the external environment uncovers most of the opportunities and threats. 
The technique assumes that an effective strategy derives from maximizing a 
firm’s strengths and opportunities and minimizing its weaknesses and threats. 


TABLE 12.1 SWOT analysis for Starbucks? 


Strengths Weaknesses 
© Strong revenue and profit growth © Known for relatively expensive 
© Strong global supply chain coffee 
e Well-known brand © Coffee is easy to imitate 
Opportunities Threats 
e Developing markets ready for © Independent coffeehouses gaining 
expansion momentum 
è® Partnerships with other companies © Rising competition (e.g., Dunkin’ and 
Tim Hortons 
Set Direction 


The direction-setting phase of strategic planning involves defining the mission, 
vision, values, objectives, and goals of the organization. Determining these will 
enable the organization to identify the proper strategies, initiatives, programs, 
and projects, as shown in Figure 12.3. 


Vision 
Values 


Objectives 


Initiatives, programs, and projects 
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vision/mission statement: 

A statement that communicates an 
organization’s overarching aspirations 
to guide it through changing objectives, 
goals, and strategies. 


mission statement: A statement 
that concisely defines an organization's 
fundamental purpose for existing. 


vision: A concise statement of what 
an organization intends to achieve in 
the future. 


core value: A widely accepted 
principle that guides how people 
behave and make decisions in the 
organization. 


objective: A statement of a 
compelling business need that an 
organization must meet to achieve its 
vision and mission. 


Vision, Mission, and Core Values 

Senior management must create a vision/mission statement that communi- 
cates an organization’s overarching aspirations to guide it through changing 
objectives, goals, and strategies. The organization’s vision/mission statement 
forms a foundation for making decisions and taking action. The most effective 
vision/mission statements inspire and require employees to stretch to reach 
the organization’s goals. These statements seldom change once they are formu- 
lated. An effective statement consists of three components: a mission statement, 
a vision of a desirable future, and a set of core values. 

The mission statement concisely defines the organization’s fundamental 
purpose for existing. It usually is stated in a challenging manner to inspire 
employees, customers, and shareholders. 

The organization’s vision is a concise statement of what the organization 
intends to achieve in the future. The following are the earmarks of a good 
vision: 


e It motivates and inspires. 

e It is easy to communicate, simple to understand, and memorable. 

e It is challenging and yet achievable and moves the organization toward 
greatness. 


A core value is a widely accepted principle that guides how people behave 
and make decisions in the organization. 
Table 12.2 provides the mission, vision, and values of Google.’ 


TABLE 12.2 Google's mission, vision, and values 


Mission 

To organize the world’s information and make it universally accessible and useful 
Vision 

To provide access to the world’s information in one click 
Values 

1) Focus on the user and all else will follow. 

2) It’s best to do one thing really, really well. 

3) Fast is better than slow. 

4) Democracy on the Web works. 

5) You don’t need to be at your desk to need an answer. 
6) You can make money without doing evil. 

7) There’s always more information out there. 

8) The need for information crosses all borders. 

9) You can be serious without a suit. 


10) Great just isn’t good enough. 


Objectives 

The terms objective and goal are frequently used interchangeably. For this dis- 
cussion, we distinguish between the two—defining objective as a statement 
of a compelling business need that an organization must meet to achieve its 
vision and mission. 

Each week, Walmart serves close to 275 million customers? in its stores and 
through its websites globally. Recent annual revenue for the company exceeded 
$500 billion.» The organization has defined its mission, vision, values, and 
objectives, as shown in Table 12.3. 
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TABLE 12.3 Walmart’s mission, vision, values® 7 
Mission: We save people money so they can live better. 
Vision: Be THE destination for customers to save money, no matter how they want to shop. 
Core Values: 
© Service to the Customer 
© Customer first: Listen to, anticipate, and serve customer wants and needs. 
e Frontline focused: Support and empower associates to serve customers every day. 
e Respect for the Individual 
© Listen: Be visible and available, collaborate with others, and be open to feedback. 
© Lead by example: Be humble, teach, and trust others to do their jobs; give honest and direct feedback. 
© Inclusive: Seek and embrace differences in people, ideas, and experiences. 
© Strive for Excellence 
e High performance: Set and achieve aggressive goals. 
e Accountable: Take ownership, celebrate successes, and be responsible for results. 
© Strategic: Make clear choices, anticipate changing conditions, and plan for the future. 
e Act with Integrity 
© Honest: Tell the truth, keep your promises, and be trustworthy. 
e Fair: Do right by others, be open, and transparent. 
© Courageous: Speak up, ask for help, make tough calls, and say no when appropriate. 
Objectives: 
© Make every day easier for busy families. 
© Change how we work. 
e Deliver results and operate with discipline. 
© Be the most trusted retailer. 
Goals 
goal: A specific result that must be A goal is a specific result that must be achieved to reach an objective. In fact, 
achieved to reach an objective. several goals may be associated with a single objective. The objective states 


what must be accomplished, and the associated goals specify how to determine 
whether the objective is being met. 

Goals track progress in meeting an organization’s objectives. They help 
managers determine if a specific objective is being achieved. Results, deter- 
mined by how well the goals are met, provide a feedback loop. Depending 
on the difference between the actual and desired results, adjustments may be 
needed in the objectives, goals, and strategies as well as with the actual projects 
being worked on. 

Some organizations encourage their managers to set Big Hairy Audacious 
Goals (BHAGs) that require a breakthrough in the organization’s products or 
services to achieve. Such a goal “may be daunting and perhaps risky, but the 
challenge of it grabs people in the gut and gets their juices flowing and creates 
tremendous forward momentum.”* 

Elon Musk is one CEO is determined to set the “hairiest” of goals. One of 
his companies, The Boring Company, is trying to solve the problem of vehic- 
ular traffic. Musk decided that the most efficient way to cure traffic woes is 
not to fix the existing highways or build flying cars. Rather, he is building 
underground tunnels, where cars would be self-driven at speeds over 150 
miles per hour. These cars would access the tunnels through elevators on the 
street level.’ 

However, engineers and other professionals are skeptical of Elon’s under- 
ground tunnels. Many engineers doubt the cost estimates of building the tun- 
nels, the high speeds that pods or automobiles will be able to achieve once 
in the tunnel, and the speed and traffic concerns of utilizing the proposed 
“elevator” technology.'° 
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If Elon Musk is successful, he will have accomplished two major feats: The 
construction of tunnels would be reduced by 1/10 of the current cost, and 
electric autonomous vehicles would take over the automobile market. It is yet 
to be seen whether this big hairy audacious goal will achieve success. 

The use of so-called SMART goals has long been advocated by management 
consultants." The principal advantages of SMART goals are that they are easy 
to understand, are easily tracked, and contribute real value to the organization. 
The SMART acronym stands for: 


e Specific. Specific goals have a much greater chance of being understood 
and accomplished than vague goals. Specific goals use action verbs and 
specify who, what, when, where, and why. 

e Measurable. Goals that are measurable include numeric or descriptive 
measures that define criteria such as quantity, quality, and cost so that 
progress toward meeting the goal can be determined. 

e Achievable. Goals should be ambitious yet realistic and attainable. Goals 
that are either completely out of reach or below standard performance 
are worthless and demotivating. 

e Relevant. Goals should strongly contribute to the mission of the depart- 
ment, why else expend the effort? 

e Time constrained. A time limit should be set to reach the goal to help 
define the priority to assign to meeting the goal. 


An example of a SMART goal for a customer service organization of a large 
retail store might be to reduce customer complaints about mispriced merchan- 
dise from 9 per day to less than 3 per day by June 30. 


Strategies 
strategy: A plan that describes how A strategy describes how an organization will achieve its vision, mission, 
an organization will achieve its vision, objectives, and goals. Selecting a specific strategy focuses and coordinates an 


mission, objectives, and goals. organization’s resources and activities from the top down to accomplish its 


mission. Indeed, creating a set of strategies that will garner committed sup- 
porters across the organization—all aligned on the mission and vision—is key 
to organizational success. 


Initiatives, Programs, and Projects 

After an organization has established why it is in business (mission/vision), 

how it wants its employees to conduct themselves (values), what its business 

needs are (objectives), what it is hoping to accomplish (goals), and how it plans 

to make its goals a reality (strategies), the firm must execute specific initiatives, 

programs, or projects to make changes. Without specific projects, creating the 
project: A temporary endeavor that top of the strategic planning pyramid is simply academic. Projects are tempo- 
creates an actionable plan, allowing rary endeavors that create an actionable plan, allowing organizations to achieve 
bei A A Ae to achieve their goals their goals and objectives. In other words, a project is an opportunity for the 

mee organization to implement specific actions to achieve its goals. 


Define Strategies 


Common themes in setting strategies include “increase revenue,” “attract and 
retain new customers,” “increase customer loyalty,” and “reduce the time required 
to deliver new products to market.” In choosing from alternative strategies, man- 
agers should consider the long-term impact of each strategy on revenue and 
profit, the degree of risk involved, the amount and types of resources that will be 
required, and the potential competitive reaction. In setting strategies, managers 


draw on the results of the SWOT analysis and consider the following questions: 


7 


e How can we best capitalize on our strengths and use them to their full 
potential? 
e How do we reduce or eliminate the negative impact of our weaknesses? 
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e Which opportunities represent the best opportunities for our organization? 

e How can we exploit these opportunities? 

e Will our strengths enable us to make the most of this opportunity? 

e Will our weaknesses undermine our ability to capitalize on this 
opportunity? 

e How can we defend against threats to achieve our vision/mission, objec- 
tives, and goals? 

e Can we turn this threat into an opportunity? 


Amazon has made a strategic decision to explore the possible use of deliv- 
ery drones to gain a real competitive advantage over competitors who rely on 
less efficient ground transportation. Because a large percentage of Amazon 
packages weigh less than 5 pounds, drones could make the ideal rapid-delivery 
vehicles. Amazon has detailed plans for this service; however, the company 
cannot announce if or when the program will start until regulators change the 
rules regarding the commercial use of drones. Such a strategy has the poten- 
tial to attract new customers and increase revenue if changes in government 
regulations allow the company to move forward.” 


Deploy Plan 


The strategic plan defines objectives for an organization, establishes SMART 
goals, and sets strategies on how to reach those goals. These objectives, goals, 
and strategies are then communicated to the organization’s business units and 
functional units so that everyone is “on the same page.” The managers of the 
various organizational units can then develop more detailed plans for initia- 
tives, programs, and projects that align with the firm’s objectives, goals, and 
strategies. Alignment ensures that the efforts will draw on the strengths of the 
organization, capitalize on new opportunities, fix organizational weaknesses, 
and minimize the impact of potential threats. 

The extent of strategic planning done at lower levels within the organization 
depends on the amount of autonomy granted those units as well as the leadership 
style and capabilities of the managers in charge of each unit. For these reasons, 
the amount of effort, the process used, and the level of creativity that goes into the 
creation of a business unit strategic plan can vary greatly across an organization. 

Alstom Transport, which develops and markets railway systems, equip- 
ment, and services, won a contract to supply Virgin Trains’ West Coast Mainline 
operations in the United Kingdom.’ Alstom supplied Virgin Trains 52 of its 
high-speed (125 mph) Pendolino trains. However, the train was initially too 
unreliable—too many trains were shut down on any given day due to mainte- 
nance issues." Only 38 of the 52 trains were available on a given day; however, 
46 trains were needed to meet service-level goals. The situation was affecting 
Alstom’s relationship with Virgin Trains, and, if not improved, would likely 
affect contract renewal. Alstom Transport executives met and set key objectives 
to improve the relationship with Virgin Trains: 


e Meet availability goals and improve reliability. 
e Do not increase costs. 
e Provide greater value to the customer. 


Alstom leaders then employed a “catch-ball” process to deploy these objec- 
tives to other workers at the firm. The management team “threw” the goals 
back and forth with the entire management chain, including senior manage- 
ment, operations leaders, and depot and production management. By means 
of this process, Alstom identified over 15 potential improvement projects to 
support the goals, leading to an increased train availability rate—72 percent 
to 90 percent—while headcount and costs were kept flat. Alstom won renewal 
of a service maintenance contract with Virgin Trains three years earlier than 
expected because of its improved service.’ 
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Critical 
Thinking 
Exercise 


Strategic Planning at Johns Hopkins Medicine 
æ GLOBAL, FINANCE 


Johns Hopkins Medicine, with headquarters in Baltimore, Maryland, is a $8 billion 
global health care organization that operates six academic and community hospi- 
tals, six suburban health care and surgery centers, and 40 primary and specialty 
care outpatient sites. The organization strives to create a culture in which diversity, 
inclusion, civility, collegiality, and professionalism are championed through actions, 
incentives, and accountability. Johns Hopkins Medicine’s mission, vision, core val- 
ues, and objectives are presented in Table 12.4." 


TABLE 12.4 Johns Hopkins Medicine mission, vision, values, and 
objectives” 18 


Mission: To improve the health of the community and the world by setting the 
standard of excellence in medical education, research, and clinical care 


Vision: Johns Hopkins Medicine pushes the boundaries of discovery, transforms 
health care, advances medical education, and creates hope for humanity. Together 
we will deliver the promise of medicine. 


Core Values: 


®© Excellence and discovery 
e Leadership and integrity 
e Diversity and inclusion 

èe Respect and collegiality 
Objectives: 


e Advance discovery through use of diverse data sources. 

e Develop Precision Medicine Centers of Excellence (PMCOEs) that encompass 
both clinical and basic science research. 

e Enhance individualized care decisions and outcomes through stratification of 
patient data. 

e Ensure data integrity and create an integrated clinical and operational analyt- 
ics platform. 

®© Transform educational practice and content to tailor learner experience to 
individual needs. 

e Create forward-looking workforce plans that align with clinical and academic 
objectives. 


You are a member of a three-person team within the finance organization that 
is working under the direction of the CFO to define a set of strategies that will 
support Johns Hopkins Medicine’s financial objectives and goals. 


Review Questions 


The CFO has asked each member of the team to express his or her thoughts on 
two topics: 


1. Should any resources from outside the finance organization be recruited to help 
identify and evaluate alternative strategies? Why or why not? 
2. How should potential strategies for the finance organization be evaluated? 


Critical Thinking Questions 


1. Develop two hypothetical objectives specific to the finance organization that 
are consistent with Johns Hopkins Medicine’s overall vision, mission, and 
objectives. 

2. For each objective develop one SMART goal. 
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FIGURE 12.4 


Drivers that set IS organiza- 
tional strategy and determine 


information system investments 
Planners must consider many 
factors in setting IS organizational 
strategy. 
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Setting the Information System Organizational Strategy 


The strategic plan of the information system (IS) organization must identify those 
technologies, vendors, competencies, people, systems, and projects in which the 
organization will invest to support the corporate and business unit objectives, 
goals, and strategies. The IS strategic plan is strongly influenced by new tech- 
nology innovations (e.g., increasingly more powerful mobile devices, advanced 
printers that can generate three-dimensional objects from a digital file, access 
to shared computer resources over the Internet, and advanced software that 
can analyze large amounts of structured and unstructured data) and innovative 
thinking by others both inside and outside the organization (see Figure 12.4). 


Corporate 
strategy 


Business unit 
strategies 


Innovative 
thinking 


Technology 
innovations 


The strategic planning process for the IS organization and the factors that 
influence it depend on how the organization is perceived by the rest of the 
organization. An IS organization can be viewed as a cost center/service pro- 
vider, a business partner/business peer, or as a game changer (see Table 12.5). 


TABLE 12.5 The IS strategic planning spectrum 


Cost Center/Service Business Partner/ 
Provider Business Peer Game Changer 
Strategic planning focus Inward looking Business focused Outward looking 
IS goals Reduce IS costs; improve Control IS costs; expand IS Make IS investments to 
IS services services deliver new products and 
services 
Strategy React to strategic plans of Execute IS projects to Use IS to achieve 
business units support plans of business competitive advantage 
Typical projects Eliminate redundant or Implement corporate Provide new ways for 
ineffective IS services database and/or enterprise customers to interact with 
systems organization 


In a recent survey of CIOs, 32 percent said that their IS organization is 
viewed as a cost center/service provider that is expected to reduce IS costs and 
improve IS services.” The strategic planning process for such an organization 
is typically directed inward and focused on determining how to do what it is 
currently doing but cheaper, faster, and better. 
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The IS organization of the state of Delaware is viewed as a cost center/ 
service provider. One of the organization’s primary strategic initiatives is to 
consolidate IS resources and to eliminate redundant functions and resources 
within the various state agencies. The goal is to deliver significant improve- 
ments in customer service and to reduce costs.” 

The majority of CIOs surveyed, about 45 percent, said their IS organization is 
viewed as a business partner/business peer that is expected to control IS costs and 
expand IS services in support of business initiatives.” The strategic planning pro- 
cess of these organizations is based on understanding the collective business plans 
for the next year and determining what those mean for the IS organization in 
terms of new technologies, vendors, competencies, people, systems, and projects. 

As a key government agency, the Federal Deposit Insurance Corporation 
(FDIC) is continually looking for ways it can improve its internal operations 
and insure that its mission-critical systems are available during a crisis. The 
purpose of the FDIC’s IS organization is to help the FDIC more effectively and 
efficiently achieve its core business objectives. Recent IS department projects 
in support of those objectives include projects focused on cybersecurity— 
including the development of secure mobile applications that allow users to 
work remotely—as well as initiatives designed to increase data analysis capa- 
bilities, and improve service response times.” 

IT organizations are making great strides in becoming transformational forces 
within their larger organizations. In the past four years, the percent of surveyed 
CIOs who indicated that their IS organization is viewed by fellow employees as 
a game-changing organization asked to lead product innovation efforts and open 
new markets has risen from 10 to 36 percent.” The strategic planning process for 
these IS organizations is outwardly focused and involves meeting with customers, 
suppliers, and leading IS consultants and vendors to answer questions like “What 
do we want to be?” and “How can we create competitive advantage?” In such 
organizations, IS is not only a means for implementing business-defined objec- 
tives, but also a catalyst for achieving new business objectives unreachable with- 
out IS. Becoming truly transformational requires an IT organization (and its larger 
organization) to rethink the role technology and processes play in creating com- 
petitive advantage. For the year 2019, global digital transformation technologies 
spending is expected to exceed $2 trillion as companies try to make that shift.” 

Founded in 2000, the online ticket marketplace StubHub now has over $1.2 
billion in annual sales.” The company’s recent efforts to transform its business 
include an initiative to enable ticket sellers to take pictures of tickets and post 
them for sale because half of StubHub’s purchases come from mobile devices. 
Additionally, the company’s online presence is poised to become a destination 
website, including music and allowing Facebook friends to purchase tickets 
for each other.” This new content will be a game changer for StubHub, driving 
more visits to their website. 

No matter how an IS organization is perceived, the odds of achieving good 
alignment between the IS strategic plan and the rest of the business are vastly 
increased if IS workers have experience in the business and can talk to busi- 
ness managers in business terms rather than technology terms. IS staff must 
be able to recognize and understand business needs and develop effective 
solutions. The CIO especially must be able to communicate well and should 
be accessible to other corporate executives. However, the entire burden of 
achieving alignment between the business and IS cannot be placed solely on 
the IS organization. 


Identifying IS Projects and Initiatives 


In mature planning organizations, IS workers are constantly picking up ideas 
for potential projects through their interactions with various business man- 
agers and from observing other IS organizations and competitors. They also 
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keep abreast of new IS developments and consider how innovations and new 
technologies might be applied in their firm. As members of the IS organization 
review and consider the corporate objectives, goals, and strategies, they can 
generate many ideas for IS projects that support corporate objectives and goals. 
They also recognize the need for IS projects that help other corporate units 
fulfill their business objectives. Often, experienced IS managers are assigned to 
serve as liaisons with the business units in order to gain a deeper understand- 
ing of each business unit and its needs. The IS managers are then able to help 
identify and define IS projects needed to meet those needs. 

Most organizations find it useful to classify various potential projects by 
type. One such classification system is shown in Table 12.6. 


TABLE 12.6 Project classification example 


Project Type Definition Risk Factors Associated with Project Type 


Breakthrough Creates a competitive advantage that enables the High cost; very high risk of failure and potential 
organization to earn a greater than normal return business disruption 
on investment than its competitors 


Growth Generates substantial new revenue or profits for High cost; high risk of failure and potential 
the firm business disruption 

Innovation Explores the use of technology (or a new Risk can be managed by setting cost limits, estab- 
technology) in a new way lishing an end date, and defining 

criteria for success 

Enhancement Upgrades an existing system to provide new Risk that scope of upgrade may expand, making it 
capabilities that meet new business needs difficult to control cost and schedule 

Maintenance Implements changes to an existing system to enable Risk that major rework may be required to make 
operation in a different technology environment system work in a new technology environment; 
(e.g., underlying changes in hardware, operating potential for system performance degradation 
systems, or database management systems) 

Mandatory Needed to meet requirements of a legal entity or Risk that mandated completion date is missed; 
regulatory agency may be difficult to define tangible benefits; costs 


can skyrocket 


Prioritizing IS Projects and Initiatives 


Typically, an organization identifies more IS-related projects and initiatives than 
it has the people and resources to staff. An iterative process of setting priorities 
and determining the resulting budget, staffing, and timing is needed to define 
which projects will be initiated and when they will be executed. Many orga- 
nizations create an IS investment board of business unit executives to review 
potential projects and evaluate them from several different perspectives: 


1. First and foremost, each viable project must relate to a specific organiza- 
tional goal. These relationships make it clear that executing each project 
will help meet important organizational objectives (see Figure 12.5). 


FIGURE 12.5 Organizational 


Projects must be related to objective 
goals and objectives 
Objectives define goals lead that in ie 
turn identify projects consistent with Organizational 
fen tag goal 
those objectives and goals. | 
Potential 


IT-related project 
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2. Can the organization measure the business value of the initiative? Will there 
tangible benefit: A benefit that can be tangible benefits, or are the benefits intangible? Tangible benefits can 
be measured directly and assigned a be measured directly and assigned a monetary value. For example, the 
monetary value: number of staff before and after the completion of an initiative can be 

measured, and the monetary value is the decrease in staffing costs, such 
intangible benefit: A benefit as salary, benefits, and overhead. Intangible benefits cannot directly be 
that cannot directly be measured measured and cannot easily be quantified in monetary terms. For example, 
and cannot easily be quantified in an increase in customer satisfaction due to an initiative is important but is 
monetary terms. epe : . 

difficult to measure and cannot easily be converted into a monetary value. 

3. What kinds of costs (hardware, software, personnel, consultants, etc.) are 
associated with the project, and what is the likely total cost of the effort 
over multiple years? Consider not just the initial development cost but 
the total cost of ownership, including operating costs, support costs, and 
maintenance fees. 

4. Preliminary costs and benefits are weighed to see if the project has an 
attractive rate of return. Unfortunately, costs and benefits may not be well 
understood at an early phase of the project, and many worthwhile projects 
do not have benefits that are easy to quantify. 

5. Risk is another factor to consider. Managers must consider the likelihood 
that the project will fail to deliver the expected benefits; the actual cost will 
be significantly more than expected; the technology will become obsolete 
before the project is completed; the technology is too “cutting edge” and 
will not deliver what is promised; or the business situation will change so 
that the proposed project is no longer necessary. 

6. Some projects enable other projects. For example, a new customer database 
may be required before the order-processing application can be upgraded. 
Therefore, some sequencing of projects must be considered. 

7. Is the organization capable of taking on this project? Does the IS organization 
have the skills and expertise to execute the project successfully? Is the organi- 
zation willing and able to make the required changes to receive their full value? 


Critical Virtual Printing 


Thinking» COMMUNICATION AND PROBLEM SOLVING 
Exercise 


You are working as a business analyst at MAX Printing Systems (MPS), a company 
that makes high-speed printers. MPS dominates the mature high-speed printing 
industry, with approximately one-third of the total market. Because many com- 
panies are transitioning to paperless bills, however, this is not a growth industry. 
Your company is still profitable, due to its large market share, but revenue is 
stagnant. 

You have been working at MPS for a little more than a year and are looking 
for opportunities to make a name for yourself. The vice president of sales, Dom 
Caruso, joins a meeting where you are in attendance. Dom pulls you aside after the 
meeting and tells you that he would like to roll out virtual reality software to his 
salesforce. Dom is extremely influential, having one of the longest tenures at the 
organization. You know that if you successfully led a project he was championing, 
you would almost be guaranteed a promotion. 

Excitedly, you ask Dom how he envisions using the virtual reality software. He 
replies, “I don’t know. But we have to get it!” and then walks out of the room. You 
are left wondering what to do next. 


Review Questions 


1. What is the first thing you should do when you return to your desk? 
2. How would you go about determining the viability of this project? 
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Critical Thinking Questions 

1. Would you investigate this type of software further or just wait until Dom 
speaks to an IS manager? 

2. Should your company use technology to innovate in this mature industry, or 
would it be better to simply maintain the status quo because the company has 
such a large market share? 


Innovation & Change in the Organization es ’ 2a 


Your organization’s current products, services, and ways of accomplishing work 
are doomed to obsolescence. Fail to change and your competition will take 
away your customers and your profits. Positive change is a key ingredient for 
any successful organization. This section will discuss important topics related 
to change including innovation, reengineering, continuous improvement, out- 
sourcing, offshoring, and downsizing. 


Innovation 
innovation: The application of new Innovation is the application of new ideas to the products, processes, and activi- 
ideas to the products, processes, and ties of a firm, leading to increased value. Innovation is the catalyst for the growth 


activities of a firm, leading to increased 


Gaile and success of any organization. It can build and sustain profits, create new chal- 


lenges for the competition, and provide added value for customers. Innovation and 
change are absolutely required in today’s highly competitive global environment; 
without both, the organization is at risk of losing its competitiveness and becoming 
obsolete. The following is a list of just a few of today’s most innovative products: 


e Tile is an innovative product that helps solve a problem we all 
encounter—occasionally misplacing everyday items and wasting time try- 
ing to find them. Tile is a smartphone app combined with small devices 
(tiles) that consumers can stick on their keys, TV remote controls, purses, 
and wallets. A proximity sensor plays a musical sound through the smart- 
phone app when you come within 100 feet of the tile, so you can walk 
around to see if the missing item is hiding nearby. 

e Health care technology company iHealth has introduced several different sen- 
sors that can measure and report on a wide array of biometric data, including 
steps taken, distance covered, and calories burned; sleep efficiency; blood 
pressure; glucose level; and blood oxygen saturation level and pulse rate. 

e Ooma Butterfleye offers an economical home security product that 
employs a megapixel camera smart enough to recognize you, members 
of your family, and even your pets. If a stranger is caught inside your 
home within view of the camera, Ooma Butterfleye uses your home 
Wi-Fi system to alert you via an app. 

e NeuroMetrix created Quell, an FDA-approved device that stimulates the brain 
to block pain receptors for patients with chronic conditions. The device is 
worn around the calf and calibrated to the user’s body to ensure that it deliv- 
ers the exact amount of relief needed. Quell performs functions similar to 
existing devices that must be surgically implanted at much higher cost. 


Various authors and researchers have identified different ways of classi- 
fying innovation. A simple classification developed by Clayton Christensen, 
a leading researcher in this field, is to think of two types of innovation— 
sustaining and disruptive.” 

Sustaining innovation results in enhancements to existing products, ser- 
vices, and ways of operating. Such innovations are important because they 
enable an organization to continually increase profits, lower costs, and gain 
market share. Several high-tech companies have become industry powerhouses 
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reengineering (process 
redesign/business process 
reengineering [BPR]): The 
radical redesign of business 
processes, organizational structures, 
information systems, and values of the 
organization to achieve a breakthrough 
in business results. 


Reengineering 

Reengineering involves the radical 
redesign of business processes, 
organizational structure, information 
systems, and the values of an orga- 
nization to achieve a breakthrough 
in business results. 


through the use of sustaining innovation. Apple disrupted the cellular phone 
market in 2007 when releasing the first iPhone, but since then the company has 
made nearly $383 billion in net income in large part by continually improving 
upon the same technology.” Another powerhouse, Microsoft, owes over half of 
its earnings since 1985 to the company commitment to sustaining innovation 
of its Windows operating system and Office products.*® And Intel’s source of 
income comes from improving upon its x386 microprocessor chip, which was 
introduced in 1985.3! 

A disruptive innovation is one that initially provides a lower level of per- 
formance than the marketplace has grown to accept. Over time, however, the 
disruptive innovation is improved to provide new performance characteristics, 
becoming more attractive to users in a new market. As it continues to improve 
and begins to provide a higher level of performance, it eventually displaces the 
former product or way of doing things. The cell phone is a good example of a 
disruptive innovation. The first commercial handheld cell phone was invented 
in 1973. It weighed 2.5 pounds, had a battery life of less than 30 minutes, cost 
more than $3000, and had extremely poor sound quality.*? Compare that with 
today’s ubiquitous smart cell phones that have one-fifteenth the weight, one- 
fifth the cost, and over 40 times longer battery life****; smartphones can not 
only place calls but also serve as a camera, a video recorder, and a handheld 
computer that can run applications and access the Internet. 


Reengineering and Continuous Improvement 


To stay competitive, organizations must occasionally make fundamental changes 
in the way they do business. In other words, they must innovate and change 
the activities, tasks, or processes they use to achieve their goals. 
Reengineering, also called process redesign and business process 
reengineering (BPR), involves the radical redesign of business processes, 
organizational structures, information systems, and values of the organiza- 
tion to achieve a breakthrough in business results. See Figure 12.6. Successful 
reengineering can reduce delivery time, increase product and service quality, 
enhance customer satisfaction, and increase revenues and profitability. 
Michael Hammer, former professor of computer science at MIT, coined the 
term “business process reengineering.” His message was simple. He implored 
businesses not to automate what has always been done, but rather to eliminate 
steps that do not add value and then to reimagine the process. This simple, yet 
profound idea, has resulted in saving time and money for many companies.» 


Reengineering— 
Business 
process redesign 


Changes to 
organizational 
values 


Changes to 
information 
systems 
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In the 1990s, Ford Motor Company decided that cost cutting was necessary 
in its bloated accounts payable department. The accounts payable process was 
quite complex and inefficient at Ford. With a workforce of 500 people in the 
department, errors were unavoidable. In order to repair the process, management 
initially set a goal of reducing the department headcount by 20 percent. When 
discovered that their competitor, Mazda, was able to run their accounts payable 
department with only five people, Ford’s management decided that a full redesign 
process was needed. In the end, Ford was able to reduce the size of the depart- 
ment by 75 percent and also improved their vendor relationships in the process.*° 

continuous improvement: A In contrast to reengineering, the idea of continuous improvement (often 
form of innovation that involves referred to by the Japanese word “Kaizen”) is a form of innovation that involves 
constantly seeking: ways tain ave constantly seeking ways to improve business processes and add value to prod- 
business processes and add value to : g : sae x 2 
products and services. ucts and services. This continual change will increase customer satisfaction and 
loyalty and ensure long-term profitability. Manufacturing companies make con- 
tinual product changes and improvements. Service organizations regularly find 
ways to provide faster and more effective assistance to customers. By doing 
so, organizations increase customer loyalty, minimize the chance of customer 
dissatisfaction, and diminish the opportunity for competitive inroads. 

Popular continuous improvement methods include Lean, Six Sigma, and Total 
Quality Management. Toyota invented the Lean process, which involves taking a 
customer-centric approach by looking to eliminate processes that don’t deliver 
value to the customer, result in errors, or waste resources. Six Sigma, on the other 
hand, takes a quality approach that focuses on identifying and rectifying the root 
causes of problems or defects. Total Quality Management (TQM), developed by 
W. Edward Deming, is the oldest of these methods, and it emphasizes the need 
to involve all employees in improving quality by eliminating errors.” 

In 2010, Sky Deutschland, the leading pay-TV provider in Germany and 
Austria, was in real financial trouble. Business was growing very slowly and 
many current customers were leaving the cable-provider. Additionally, the fixed 
costs were high, and the company frequently had insufficient stock of their 
products. Simply put, the company was losing money. As a result, a new vice 
president of logistics was hired to turn the company around. With a multiyear 
Lean plan to focus on supply chain and continuous improvement, the company 
started making a profit again in 2016. The new VP made several changes, set- 
ting the cable company to become solvent once again. As an example of such a 
change, the new VP honed in on the insufficient stock issues. The base problem 
was discovered to be a lack of forecasting in the customer service department. 
By better forecasting the future needs of products, Sky Deutschland could 
eliminate the problem of insufficient stock and repairing relationships with 
suppliers. Sky Deutschland’s turnaround was a remarkable feat given the recent 
changes in the industry and the television market.** 

Table 12.7 compares the strategies of business process reengineering and 
continuous improvement. 


TABLE 12.7 Comparing business process reengineering with continuous improvement 


Business Process Reengineering Continuous Improvement 


Strong action taken to solve serious problem Routine action taken to make minor improvements 
Top-down change driven by senior executives Bottom-up change driven by workers 

Broad in scope; cuts across departments Narrow in scope; focuses on tasks in a given area 
Goal is to achieve a major breakthrough Goal is continuous, gradual improvements 


Often led by resources from outside the company Usually led by workers close to the business 


Information systems are integral to the solution Information systems provide data to guide the improvement team 
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culture: A set of major 
understandings and assumptions 
shared by a group, such as within an 
ethnic group or a country. 


organizational culture: The 
major understandings and 
assumptions for a business, 
corporation, or other organization. 


organizational change: The 
way in which for-profit and nonprofit 
organizations plan for, implement, and 
handle change. 


soft side of implementing 
change: The work designed to help 
employees embrace a new information 
system and way of working. 


change model: A representation 
of change theories that identifies the 
phases of change and the best way to 
implement them. 


Organizational Culture and Change 


Culture is a set of major understandings and assumptions shared by a group, 
such as within an ethnic group or a country. Organizational culture consists 
of the major understandings and assumptions for an organization. The under- 
standings, which can include common beliefs, values, and approaches to deci- 
sion making, are often neither stated nor documented as goals or formal 
policies. For example, salaried employees might be expected to check their 
email and instant messages around the clock and be highly responsive to all 
such messages. 

Mark Twain said, “It’s not the progress I mind, it’s the change I don’t like.” 
Organizational change deals with how organizations successfully plan for, 
implement, and handle change. Change can be caused by internal factors, such 
as those initiated by employees at all levels, or by external factors, such as 
those wrought by competitors, stockholders, federal and state laws, community 
regulations, natural disasters, and general economic conditions. 

Implementing change, such as a new information system introduces con- 
flict, confusion, and disruption. People must stop doing things the way they are 
accustomed to and begin doing them differently. Successful implementation of 
change only happens when people accept the need for change and believe that 
the change will improve their productivity and enable them to better meet their 
customers’ needs. The so-called soft side of implementing change involves 
work designed to help employees embrace a new information system and way 
of working. This effort represents the biggest challenge to successful change 
implementation, yet it is often overlooked or downplayed, resulting in project 
failure. Indeed, both the Standish Group and Gartner, two highly respected 
organizations that track project implementations globally, believe that a signifi- 
cant contributor to project failures is overlooking the need to address employee 
adoption and resistance jointly.°” 

A recent study of almost 4,000 project management professionals, senior 
executives, and PMO (project management office) directors from around the 
world found that worldwide, organizations lose $97 million for every $1 bil- 
lion spent on projects and programs due to failure.“ Often, failure is caused 
by not managing the organizational change along with the processes and 
technology.“ 

The California Department of Consumer Affairs is made up of more than 40 
entities (including multiple boards, bureaus, committees, and one commission) 
that regulate and license professional and vocational occupations that serve the 
people of California. Each year, the department processes over 350,000 appli- 
cations for professional licensure along with some 1.2 million license renewals. 
The BreEZe project was initiated in 2009 to streamline the way the department 
does its business and interacts with its license applicants and consumers.‘? 
The resulting information system was intended to eliminate many paper-based 
processes and speed up the entire licensing process. Unfortunately, the project 
team failed to adequately involve the business users in the definition of the sys- 
tem requirements and instead made many erroneous decisions about how the 
system should work. The initial cost estimate for the system was $28 million; 
however, as of early 2015, project costs exceeded $37 million and less than half 
the licensing and regulatory boards were using the system. At completion, the 
project cost $96 million and the system was implemented at only half of the 
planned regulatory agencies. Much of the delay and overspending could have 
been avoided had the project team worked better with the business users to 
understand their needs.‘ 

The dynamics of how change is implemented can be viewed in terms of a 
change model. A change model represents change theories by identifying the 
phases of change and the best way to implement them. A number of models 
for dealing with the soft side of implementing change will now be introduced. 
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User Satisfaction and Technology Acceptance 


Reengineering and continuous improvement efforts (including implementa- 
tion of new information systems) must be adopted and used to achieve the 
technology acceptance model defined business objectives by targeted users. The technology acceptance 
(TAM): A model that specifies the model (TAM) specifies the factors that can lead to better attitudes about the 
factors that can lead to better attitudes use of a new information system, along with its higher acceptance and usage. 
about an intormation: system, along! See Figure 12.7. In this model, “perceived usefulness” is defined as the degree 
with higher acceptance and usage of it. ; 
to which individuals believe that use of the system will improve their perfor- 
mance. The “perceived ease of use” is the degree to which individuals believe 
that the system will be easy to learn and use. Both the perceived usefulness 
and ease of use can be strongly influenced by the expressed opinions of others 
who have used the system and the degree to which the organization supports 
use of the system (e.g., providing incentives and offering training and coach- 
ing from key users). Perceived usefulness and ease of use in turn influence an 
individual’s attitude toward the system, which affect their behavioral intention 
to use the system.“ 


Perceived 
usefulness (U) 


External Attitude Behavioral 
variables toward intention ton 
using (A) use (BI) | 


Perceived 
ease of use (E) 


Technology acceptance model 

Perceived usefulness (U) and perceived ease of use (E) strongly influence whether someone will use an informa- 
tion system. Management can improve that perception by demonstrating that others have used the system effec- 
tively and by providing user training and support. 


As with any other technology, autonomous cars (or driverless cars) are 
subject to the technology acceptance model. When the first horseless carriage 
(automobile) was invented in 1897, the general population did not embrace this 
technology. In fact, the magazine, A Horseless Age, published an article about 
horseless carriages in 1897 stating, “There is a sense of incompleteness about 
it. You seemed to be sitting on the end of a huge pushcart, propelled by an 
invisible force and guided by a hidden hand. ... Gradually I felt that I did not 
need the protection of a horse in front of me.’” As resistant as people were 
back then, cars became commonplace and traveling more than 5-10 miles from 
home became normal. 

Fast forward 120+ years as we find a resistance to yet another technology— 
the autonomous car. The benefits to autonomous vehicles are numerous; this 
technology can reduce vehicular deaths due to human error and reduce traffic 
and carbon emissions. Why isn’t the public rushing to adopt this new tech- 
nology? Issues regarding data collection (privacy), safety, and accident liability 
are still concerning. Furthermore, the public does not yet “trust” the car to get 
to the intended location safely. And some people enjoying the driving experi- 
ence, knowing that by driving themselves they will get where they want to go 
without needing extra technology. In time, we will wonder why it took us so 
long to embrace driverless transportation that can service every age and every 
ability. As the perceived usefulness and ease of use increases, adoption of the 
driverless technology will become inevitable. 
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diffusion of information theory: 
A theory developed by E.M. Rogers 

to explain how a new idea or product 
gains acceptance and diffuses (or 
spreads) through a specific population 
or subset of an organization. 


Innovators 


2.5% 


Diffusion of Innovation Theory 


The diffusion of innovation theory was developed by E.M. Rogers to explain 
how a new idea or product gains acceptance and diffuses (or spreads) through 
a specific population or subset of an organization. A key point of this theory is 
that adoption of any innovation does not happen all at once for all members 
of the targeted population; rather, it is a drawn-out process, with some people 
quicker to adopt the innovation than others. See Figure 12.8. Rogers defined five 
categories of adopters, shown in Table 12.8, each with different attitudes toward 
innovation. When promoting an innovation to a target population, it is import- 
ant to understand the characteristics of the target population that will help or 
hinder adoption of the innovation and then to apply the appropriate strategy. 
This theory can be useful in planning the rollout of a new information system. 


Early 
adopters Early majority Late majority Laggards 
13.5% 34% 34% 16% 


FIGURE 12.8 
Innovation diffusion 
Adoption of any innovation does not happen all at once for all members of the targeted population; 


rather, it is a drawn-out process, with some people quicker to adopt the innovation than others. 
Source: Everett Rogers, Diffusion of Innovations 


TABLE 12.8 Five categories of innovation adopters 


Adopter Category Characteristics Strategy to Use 

Innovator Risk takers; always the first to try new Simply provide them with access to the new 
products and ideas system and get out of their way 

Early adopter Opinion leaders whom others listen to and Provide them assistance getting started 


follow; aware of the need for change 


Early majority Listen to and follow the opinion leaders Provide them with evidence of the system’s 


effectiveness and success stories 
Late majority Skeptical of change and new ideas Provide them data on how many others have 
tried this and have used it successfully 
Laggards Very conservative and highly skeptical of Have their peers demonstrate how this change 
change has helped them and bring pressure to bear 


Project Management 


project: A temporary endeavor 
undertaken to create a unique product, 
service, or result. 


from other adopters 


A project is a temporary endeavor undertaken to create a unique product, ser- 
vice, or result. Each project attempts to achieve specific business objectives and 
is subject to certain constraints, such as total cost and completion date. Organiza- 
tions must always make clear connections among business objectives, goals, and 
projects; also, projects must be consistent with business strategies. For example, 
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core competency: Something 
that a firm can do well and that 
provides customer benefits, is hard 

for competitors to imitate, and can be 
leveraged widely to many products and 
markets. 


project scope: A definition of which 
tasks are and which tasks are not 
included in a project. 
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an organization may have a business objective to improve customer service by 
offering a consistently high level of service that exceeds customers’ expectations. 
Initiating a project to reduce costs in the customer service area by eliminating all 
but essential services would be inconsistent with this business objective. 

At any point in time, an organization may have dozens or even hundreds 
of active projects, aimed at accomplishing a wide range of results. Projects are 
different from operational activities, which are repetitive activities performed 
over and over again. Projects are not repetitive; they come to a definite end 
once the project objectives are met or the project is cancelled. Projects come in 
all sizes and levels of complexity, as you can see from the following examples: 


e A senior executive led a project to integrate two organizations following 
a corporate merger. 

e A consumer goods company executed a project to launch a new product. 

e An operations manager led a project to outsource part of a firm’s opera- 
tions to a contract manufacturer. 

e A hospital executed a project to load an app on physicians’ smartphones 
that would enable them to access patient data. 

e A computer software manufacturer completed a project to improve the 
scheduling of help desk technicians and reduce the time on hold for call- 
ers to its telephone support services. 

e A staff assistant led a project to plan the annual sales meeting. 

e A manager completed a project to enter her departmental budget into a 
preformatted spreadsheet template. 


Unfortunately, IS-related projects are not always successful. The Standish 
Group has been tracking the success rate of IS projects for over 20 years, and 
although the success rate has improved over time due to improved methods, 
training, and tools, roughly 14 percent“ of all IS projects fail outright, but 
many more face major challenges such as lateness, budget overruns, and lack 
of required features. 

Researchers Hamel and Prahalad defined the term core competency to 
mean something that a firm can do well and that provides customer benefits, is 
hard for competitors to imitate, and can be leveraged widely to many products 
and markets. Today, many organizations recognize project management as 
one of their core competencies and see their ability to manage projects better 
as a way to achieve an edge over competitors and deliver greater value to share- 
holders and customers. As a result, those organizations spend considerable 
effort identifying potential project managers and then training and developing 
them. For many managers, their ability to manage projects effectively is a key 
to their success within an organization. 


Project Variables 


Five highly interrelated parameters define a project—scope, cost, time, quality, 
and user expectations. If any one of these parameters changes for a project, 
there must be a corresponding change in one or more of the other parameters. 
A brief discussion of these parameters follows. 


Scope 
Project scope is a definition of which tasks are and which tasks are not 
included in a project. Project scope is a key determinant of the other project 
factors and must be carefully defined to ensure that a project meets its essential 
objectives. In general, the larger the scope of the project, the more difficult it 
is to meet cost, schedule, quality, and stakeholder expectations. 

In April 2016, the Canadian government rolled out a new payroll system 
named Phoenix that was intended to modernize payroll processing for all 
government employees. The system, which was originally budgeted to cost 
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sponsoring business unit: The 
business unit most affected by the 
project and the one whose budget will 
cover the project costs. 


C$155 million, was C$119 million over budget at the time it launched. Even 
before the rollout was over, it was clear the system suffered from major flaws 
and security weaknesses that resulted from poor decision making throughout 
the project—including decisions made to change the project scope to try to 
contain budget overruns. For instance, to save money during development, 
senior executives involved in the project decided to scale back work on 100 of 
the system’s 984 pay-processing functions; nevertheless, those functions were 
reinstated—without testing—when the system was deployed. And incredibly, 
not only was the system never put through end-to-end testing, it was also 
based on a version of PeopleSoft, a human resource application suite, that 
the project team knew was no longer going to be supported after 2018. As a 
result of the system’s flaws, many civil servants went without paychecks or 
were paid incorrectly by the new system over the course of many months. 
Even the security of the system was in jeopardy, resulting in several breaches 
of confidential employee information. The system is now expected to cost 
the Canadian government C$1.2 billion through the end of 2019 and many 
millions more before it can be replaced in 2025. Phoenix is a vivid example 
of a project that had almost no project management oversight and terrible IT 
decision making throughout.” 


Cost 


The cost of a project includes all the capital, expenses, and internal cross- 
charges associated with the project’s buildings, operation, maintenance, and 
support. Capital is money spent to purchase assets that appear on the orga- 
nization’s balance sheet and are depreciated over the life of the asset. Capital 
items typically have a useful life of at least several years. A building, office 
equipment, computer hardware, and network equipment are examples of cap- 
ital assets. Computer software also can be classified as a capital item if it costs 
more than $1000 per unit, has a useful life exceeding one year, and is not used 
for research and development. 

Expense items are non-depreciable items that are consumed shortly after 
they are purchased. Typical expenses associated with an IS-related project 
include the use of outside labor or consultants, travel, and training. Software 
that does not meet the criteria to be classified as a capital item is classified as 
an expense item. 

Many organizations use a system of internal cross-charges to account for 
the cost of employees assigned to a project. For example, the fully loaded cost 
(salary, benefits, and overhead) of a manager might be set at $120,000 per year. 
The sponsoring organization’s budget is cross-charged this amount for each 
manager who works full time on the project. (The sponsoring business unit 
is the business unit most affected by the project and the one whose budget will 
cover the project costs.) So, if a manager works at a 75 percent level of effort 
on a project for five months, the cross-charge is $120,000 X 0.75 X 5/12 = 
$37,500. The rationale behind cross-charging is to enable sound economic 
decisions about whether employees should be assigned to project work 
or to operational activities. If employees are assigned to a project, cross- 
charging helps organizations determine which project makes the most eco- 
nomic sense. 

Organizations have different processes and mechanisms for budgeting and 
controlling each of the three types of costs: capital, expense, and internal cross- 
charge. Money from the budget for one type of cost cannot be used to pay 
for an item associated with another type of cost. Thus, a project with a large 
amount of capital remaining in its budget cannot use the available dollars to 
pay for an expense item even if the expense budget is overspent. 

Table 12.9 summarizes and classifies various types of common costs asso- 
ciated with an IS-related project. 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


CHAPTER 12 © Strategic Planning and Project Management 471 


TABLE 12.9 Typical |S-related project costs 


Development Costs 


Capital Internal Cross-Charge Expense 


Employee-related expenses 


© Employees’ effort x 

© Travel-related expenses x 
e Training-related expenses x 
Contractor and consultant charges X 


IS-related capital and expenses 


© Software licenses (software purchases that qualify as a capital expense) x 
© Software licenses (software that does not qualify as a capital expense) X 
© Computing hardware devices X 
@ Network hardware devices x 
è Data capture/data entry equipment x 
Total development costs x x x 


Time 

The timing of a project is frequently a critical constraint. For example, in most 
organizations, projects that involve finance and accounting must be scheduled 
to avoid any conflict with operations associated with the closing of end-of- 
quarter books. Often, projects must be completed by a certain date to meet an 
important business goal or a government mandate. 


La William Needham Finley IV 


Follow 


Expectation vs. Reality 


#fyre #tyretestiva 


merne 2 OCF BGOS SOOO 


Source: Twitter, Inc. 


Reasons for the failure of the Fyre Festival are numerous, but time was 
definitely not on the founders’ side. Billy McFarland and rapper Ja Rule envi- 
sioned an upscale music festival that would bring together top musical artists, 
famous models and celebrities, and thousands of attendees on a beautiful 
private island in the Bahamas. The festival was positioned as a classy music 
festival for millennials, featuring private villas, private airplanes, water sports, 
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quality: The degree to which a 
project meets the needs of its users. 


and upscale food and drink. However, the time constraints of this project 
quickly overwhelmed the founders. The island originally chosen for the festival 
could not accommodate 8,000" attendees and had to be changed a few months 
before the scheduled event. Top acts were not booked until two months out, 
and housing, bathroom, and shower facilities were not fully constructed before 
the guests arrived on the island. None of the musical acts ever made it to the 
island, and after the first wave of guests spent their first night in tents with only 
cheese sandwiches to eat, they returned to the airport to spend the next night 
awaiting a flight home. Attendees lost thousands of dollars on a vacation that 
never happened. The Fyre Festival is a prime example of a poorly managed 
project with time constraints the founders were completely unable to meet. 
Whether the entire thing was a scam or just a project that needed more time to 
become a reality, founder Billy McFarland now resides in prison, found guilty 
of fraud charges in connection with the festival.>* 5 


Quality 

The quality of a project can be defined as the degree to which the project 
meets the needs of its users. The quality of a project that delivers an IS-related 
system may be defined in terms of the system’s functionality, features, system 
outputs, performance, reliability, and maintainability. 

Failure to meet users’ functionality and performance needs detracted from 
the initial introduction of the iPhone 6. Apple sold an astounding 10 million of 
the iPhone 6 and iPhone 6 Plus models in the first few days they were available. 
Unfortunately, the new iPhones had both hardware and software problems 
that caused the devices to fail to meet users’ functionality and performance 
expectations. Apple’s new mobile operating system iOS 8 for the devices came 
without promised apps that used a health and fitness feature called Health- 
Kit. In addition, it turned out that the iPhone 6 Plus was too pliable, with 
some users complaining that the phone bent when sitting in their pockets for 
extended periods. Then, when Apple released an iOS 8 update aimed at fixing 
the HealthKit problem, some users complained the update had caused their 
iPhones to lose the ability to make phone calls.* 


User Expectations 

As a project begins, stakeholders will form expectations—or will already 
have expectations—about how the project will be conducted and how it will 
affect them. For example, based on previous project experience, the end users 
of a new IS system may expect that they will have no involvement with the 
system until it is time for them to be trained. However, the project manager 
may follow a more progressive development process that requires users to 
help define system requirements, evaluate system options, try out system 
prototypes, develop user documentation, and define and conduct the user 
acceptance test. 

As another example, end users may expect to participate in weekly project 
status meetings to hear progress reports firsthand. However, the project man- 
ager may not have considered involving them in the status meetings or may 
not even be planning weekly meetings. 

Both examples illustrate the huge differences in expectations that can exist 
between stakeholders and project members. It is critical to a project’s success 
to identify expectations of key stakeholders and team members; any differences 
must be resolved to avoid future problems and misunderstandings. 

The five project parameters—scope, cost, time, quality, and user expectations— 
are all closely interrelated, as shown in Figure 12.9. For example, if the time 
allowed to complete the project is decreased, it may require an increase in project 
costs, a reduction in project quality and scope, and a change of expectations among 
the project stakeholders, as shown in Figure 12.10. 
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FIGURE 12.9 


The five parameters that 


define a project 
The five parameters that define a 
project are all highly interrelated. 


Revised project definition 

A change in any one of the project 
variables (cost, time, scope, quality, 
or expectations) can impact the 
other variables. 


project management: The 
application of knowledge, skills, and 
techniques to project activities to meet 
project requirements. 


project stakeholders: The people 
involved in the project or those affected 
by its outcome. 
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What Is Project Management? 


Project management is the application of knowledge, skills, and techniques to 
project activities to meet project requirements. Project managers must deliver a 
solution that meets specific scope, cost, time, and quality goals while manag- 
ing the expectations of the project stakeholders—the people involved in the 
project or those affected by its outcome. 

The essence of artistic activity is that it involves high levels of creativity and 
freedom to do whatever the artist feels. Scientific activity, on the other hand, 
involves following defined routines and exacting adherence to laws. Under 
these definitions, part of project management can be considered an art, because 
project managers must apply intuitive skills that vary from project to project 
and even from team member to team member. The “art” of project management 
also involves salesmanship and psychology in convincing others of the need 
to change and that this project is right to do. 

Project management is also part science because it uses time-proven, 
repeatable processes and techniques to achieve project goals. Thus, one 
challenge to successful project management is recognizing when to act as 
an artist and rely on one’s own instinct and when to act as a scientist and 
apply fundamental project management principles and practices. The fol- 
lowing section covers the 10 areas associated with the science of project 
management. 


Project Management Knowledge Areas 


According to the Project Management Institute (PMD, project managers must 
coordinate 10 areas of expertise: scope, schedule, cost, quality, resource, com- 
munications, risk, procurement, integration, and stakeholder management as 
shown in Figure 12.11. 
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FIGURE 12.11 


The 10 project management 


knowledge areas 
There are 10 areas associated with 
the science of project management. 


scope management: A set of 
activities that include defining the work 
that must be done as part of a project 
and then controlling the work to stay 
within the agreed-upon scope. 


Integration 


Stakeholders 


Procurement Schedule 


Cost 


Communications 


Resource 


Scope Management 

Scope management includes defining the work that must be done as part 
of the project and then controlling the work to stay within the agreed-upon 
scope. Key activities include initiation, scope planning, scope definition, scope 
verification, and scope change control. 

To avoid problems associated with a change in project scope, a formal 
scope change process should be defined before the project begins. The project 
manager and key business managers should decide whether they will allow 
scope changes at any time during the project, only in the early stages of the 
project, or not at all. The trade-off is that the more flexibility you allow for 
scope changes, the more likely the project will meet users’ features and perfor- 
mance requirements. However, the project will be more difficult to complete 
within changing time and budget constraints as it is harder to hit a moving 
target. 

The change process should capture a clear definition of the change that is 
being requested, who is requesting it, and why. If the project team has decided 
not to allow any scope changes during the project, then each new requested 
scope change is filed with other requested changes. Once the original project 
is complete, the entire set of requested scope changes can be reviewed, and 
the project team can decide which, if any, of the changes will be implemented 
and when. Often, it is cheaper to initiate one project to implement numerous 
related changes rather than start several independent projects. A follow-on 
project can then be considered to implement the recommended changes. The 
scope, cost, schedule, and benefits of the project must be determined to ensure 
that it is well defined and worth doing. 
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schedule management: A set 

of activities that includes defining an 
achievable completion date that is 
acceptable to the project stakeholders, 
developing a workable project 
schedule, and ensuring the timely 
completion of the project. 


project schedule: A plan that 
identifies the project activities that 
must be completed, the expected start 
and end dates, and what resources are 
assigned to each task. 


project milestone: A critical 
date for completing a major part of 
the project, such as program design, 
coding, testing, and release (for a 
programming project). 


project deadline: The date the 
entire project should be completed and 
operational—when the organization 
can expect to begin to reap the 
benefits of the project. 


slack time: The amount of time 
an activity can be delayed without 
delaying the entire project. 


critical path: All project activities 
that, if delayed, would delay the entire 
project. 


gantt chart: A graphical tool 
used for planning, monitoring, and 
coordinating projects; it is essentially 
a grid drawn on a timescale that lists 
activities and deadlines. 


work breakdown structure 
(WBS): An outline of the work to be 
done to complete the project. 


predecessor task: A task that 
must be completed before a later task 
can begin. 
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If the project team has decided to allow scope changes during the project, 
then time and effort must be allowed to assess how the scope change will affect 
the interrelated project variables of cost, schedule, quality, and expectations. 
This impact on the project must be weighed against the benefits of imple- 
menting the scope change, and the team must decide whether to implement 
the scope change. Of course, there may be alternatives for implementing a 
particular scope change, and the pros and cons must be weighed for each. The 
time required just to research scope changes can add considerable cost and 
time to the original project. Each scope change should be formally approved 
or rejected by the project manager and key stakeholders. 


Schedule Management 


Schedule management includes defining an achievable completion date that is 
acceptable to the project stakeholders, developing a workable project schedule, 
and ensuring the timely completion of the project. Successful schedule manage- 
ment requires identifying specific tasks that project team members and/or other 
resources must complete; sequencing these tasks, taking into account any task 
dependencies or hard deadlines; estimating the amount of resources required 
to complete each task, including people, material, and equipment; estimating 
the elapsed time to complete each task; analyzing all this data to create a proj- 
ect schedule; and controlling and managing changes to the project schedule. 

The bigger the project, the more likely that poor planning will lead to 
significant problems. Well-managed projects use effective planning tools and 
techniques, including schedules, milestones, and deadlines. A project schedule 
identifies the project activities that must be completed, the expected start and 
end dates, and what resources are assigned to each task. A project schedule is 
needed to complete a project by a defined deadline, avoid rework, and ensure 
that people know what to do and when to do it. A project milestone is a crit- 
ical date for completing a major part of the project, such as program design, 
coding, testing, and release (for a programming project). The project deadline 
is the date the entire project should be completed and operational—when the 
organization can expect to begin to reap the benefits of the project. 

In a systems development project, each activity is assigned an earliest 
start time and an earliest finish time. Each activity is also allocated slack time, 
which is the amount of time an activity can be delayed without delaying the 
entire project. The critical path of a project consists of the set of project activ- 
ities that, if delayed, would delay the entire project. These activities have zero 
slack time. Any problems with critical path activities will cause problems for 
the entire project. To ensure that critical path activities are completed on time, 
project managers use certain approaches and tools such as Microsoft Project 
to help compute these critical project attributes. 

A Gantt chart is a graphical tool used for planning, monitoring, and coor- 
dinating projects; it is essentially a grid drawn on a timescale that lists activities 
and deadlines. Each time a task is completed, a marker such as a darkened line 
is placed in the proper grid cell to indicate the completion of a task. 

The development of a work breakdown structure is a critical activity needed 
for effective schedule management. A work breakdown structure (WBS) 
is an outline of the work to be done to complete the project. You start by 
breaking the project into various stages or groups of activities that need 
to be performed. Then, you identify the tasks associated with each project 
stage. A task typically requires a week or less to complete and produces 
a specific deliverable—a tangible output such as a flowchart or end-user 
training plan. 

After the activities are identified in the WBS, the tasks within each stage 
are sequenced. All predecessor tasks are identified—these are tasks that must 
be completed before a later task can begin. For example, the testing of a unit 
of program code cannot begin until the program has been coded, compiled, 
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network diagram: A diagram 
outlining the relationships among all of 
the project’s tasks. 


and debugged. Next, you must determine how long each task will take. After 
the predecessor tasks are identified, a network diagram can be created. A 
network diagram displays the relationships among all the project’s tasks and 
will help determine the length of the project. Figure 12.12 shows a sample 
network diagram for building a tree house. 


Plan tree house 


Start: 6/1/20 
Finish: 6/2/20 


Res: 


Buy lumber Build tree house 
ID: 1 Start: 6/3/20 D72 Start: 6/4/20 IDIS 
Dur: 2 days | ———» | Finish: 6/3/20 Dur: 1 day | ———»- | Finish: 6/10/20 Dur: 5 days 


Res: Res: 


FIGURE 12.12 


Sample network diagram 


FIGURE 12.13 


Sample work breakdown 
structure (WBS) 


TABLE 12.10 Task list 


Task Name 


Thus, building a WBS allows you to look at a project in great detail to get 
a complete picture of all the work that must be performed. Developing a WBS 
is another approach to defining the scope of a project—work not included in 
the WBS is outside the scope of the project. 

Figure 12.13 shows a WBS for a project whose goal is to establish a wireless 
network in a warehouse and install RFID scanning equipment on forklift trucks 
for the tracking of inventory. The three phases of the project in Figure 12.13 are 
“Define warehouse network,” “Configure forklift trucks,” and “Test warehouse 
network.” 


Warehouse Network 


| i 


Implement warehouse network 
Define warehouse network 
Conduct survey 

Order RF equipment 


Install RF equipment 


Define Network | Configure Forklift Trucks 
> Conduct survey |__| Ortar REID >| Develop test plan 
scanners 
> Order RF equip l imeal RAD c Conduct test 
scanners 
m Install RF equip > Test RFID scanners 
—> Test RF equip 
Table 12.10 shows a list of tasks for the same RFID project. 
Duration Start Finish Predecessors 
28 days Mon 6/3/19 Wed 7/10/19 
25 days Mon 6/3/19 Fri 7/5/19 
3 days Mon 6/3/19 Wed 6/5/19 
14 days Thu 6/6/19 Tue 6/25/19 2 
6 days Wed 6/26/19 Wed 7/3/19 3 
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5 Test RF equipment 2 days Thu 7/4/19 Fri 7/5/19 4 
6 Configure forklift trucks 19 days Mon 6/3/19 Thu 6/27/19 
7 Order RFID scanners for trucks 12 days Mon 6/3/19 Tue 6/18/19 
8 Install RFIPD scanners on trucks 5 days Wed 6/19/19 Tue 6/25/19 7 
9 Test RFID scanners 2 days Wed 6/26/19 Thu 6/27/19 8 
10 Test warehouse network 28 days Mon 6/3/19 Wed 7/10/19 
11 Develop test plan 2 days Mon 6/3/19 Tue 6/4/19 
12 Conduct test 3 days Mon 7/8/19 Wed 7/10/19 5,9,11 


Figure 12.14 shows the associated schedule in the form of a Gantt chart, 
with each bar in the chart indicating the start and end dates of each major 
activity (heavy black lines) and task (lighter lines). 


une 2019 July 2019 
Task Name ~ Duration ~ Start ~ Finish x | Predecessors x| 2 | 5, 8 11/14 17 20 23,2829 2,5 8°11 
0 |4 Implement warehouse network 28 days Mon 6/3/19 Wed 7/10/19 |) 
1 4 Define warehouse network 25days Mon6/3/19 Fri7/5/19 
2 Conduct survey 3 days Mon 6/3/19 Wed 6/5/19 Dh 
3 Order RF equipment 14 days Thu 6/6/19 Tue 6/25/19 2 — 
4 Install RF equipment 6 days Wed 6/26/19 Wed 7/3/19 3 
5 Test RF equipment 2 days Thu 7/4/19 Fri 7/5/19 4 
6 4 Configure forklift trucks 19 days Mon 6/3/19 Thu 6/27/19 D d 
7 Order RFID scanners for trucks 12 days Mon 6/3/19 Tue 6/18/19 Mr] 
8 Install RFIPD scanners on trucks 5 days Wed 6/19/19 Tue 6/25/19 7 — 
9 Test RFID scanners 2 days Wed 6/26/19 Thu 6/27/19 8 
10 4 Test warehouse network 28 days Mon 6/3/19 Wed 7/10/19 
11 Develop test plan 2days Mon 6/3/19 Tue 6/4/19 m 1 
12 Conduct test 3 days Mon 7/8/19 Wed7/10/19 5,9,11 Zz 
Gantt chart 


A Gantt chart depicts the start and finish dates for project tasks. 


cost management: A set 

of activities that includes the 
development and management of the 
project budget. 


Cost Management 


Cost management includes developing and managing the project budget. This 
area involves resource planning, cost estimating, cost budgeting, and cost con- 
trol. As previously discussed, a separate budget must be established for each 
of the three types of costs—capital, expense, and internal cross-charge—and 
money in one budget cannot be spent to pay for another type of cost. 

One approach to cost estimating uses the WBS to estimate all costs (capital, 
expense, and cross-charge) associated with the completion of each task. This 
approach can require a fair amount of detail work, such as determining the 
hourly rate of each resource assigned to the task and multiplying by the hours 
the resource will work on the task, estimating the cost per unit for supplies and 
multiplying that by the number of units required, and so on. If possible, the peo- 
ple who will complete the tasks should be allowed to estimate the duration and 
associated costs. This approach helps them to better understand the tasks they 
are expected to complete, gives them some degree of control in defining how the 
work will be done, and obtains their “buy-in” to the project schedule and budget. 
You can develop a project duration based on the sequence in which the tasks 
must be performed and the duration of each task. You can also sum the cost of 
each task to develop an estimate of the total project budget. This entire process 
of creating a WBS is outlined in Figure 12.15. The budget developed using this 
approach for the warehouse network project is depicted in Table 12.11. 
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Define goal 


Divide project 
into stages 


lL Identify tasks 


in each stage 


Define deliverables 
for each task 


R Sequence 


tasks 


È Assign resources 


to tasks 


Estimate 
task duration 


Schedule Budget 
Process to create a work breakdown structure (WBS) 
TABLE 12.11 Project budget 
Cross- 
Task Capital Expense Charges 
1 Implement warehouse network 
2 Define warehouse network 
3 Conduct survey $2400 
4 Order RF equipment $9000 
5 Install RF equipment $7800 
6 Test RF equipment $ 960 
7 Configure forklift trucks 
8 Order RFID scanners for trucks $12,500 
9 Install RFID scanners on trucks $2400 
10 Test RFID scanners $1200 
11 Test warehouse network $ 960 
12 Develop test plan 
13 Conduct test $1440 
TOTAL Costs $21,500 $10,200 $6960 
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quality management: A set of 
activities designed to ensure that a 
project will meet the needs for which it 
was undertaken. 


quality planning: The 
determination of which quality 
standards are relevant to the project 
and determining how they will be met. 


quality assurance: The evaluation 
of the progress of the project on an 
ongoing basis to ensure that it meets 
the identified quality standards. 


quality control: The checking of 
project results to ensure that they meet 
identified quality standards. 


project resource 
management: A set of activities 
designed to identify, acquire, and 
manage resources for a project. 


forming-storming-norming- 
performing adjourning model: A 
model that describes how teams 
develop and evolve. 
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Quality Management 

Quality management is a set of activities designed to ensure that a project 
will meet the needs for which it was undertaken. This process involves quality 
planning, quality assurance, and quality control. Quality planning involves 
determining which quality standards are relevant to the project and determin- 
ing how they will be met. Quality assurance involves evaluating the progress 
of the project on an ongoing basis to ensure that it meets the identified quality 
standards. Quality control involves checking project results to ensure that they 
meet identified quality standards. 

In many IS-related systems development projects, the source of the major- 
ity of defects uncovered in system testing can be traced back to an error in 
specifying requirements. Thus, most organizations put a heavy emphasis on 
accurately capturing and documenting system requirements and carefully man- 
aging changes in user requirements over the course of the project. A useful 
checklist for assessing the validity of system requirements includes the follow- 
ing questions:° 


e Does the requirement describe something actually needed by the 
customer? 

e Is the requirement correctly defined? 

e Is the requirement consistent with other requirements? 

e Is the requirement defined completely? 

e Is the requirement verifiable (testable)? 

e Is the requirement traceable back to a user need? 


Hewlett Packard’s Quality Center, Jama from Jama Software, and Inno- 
slate from SPEC Innovations are three examples of requirements management 
software. 


Project Resource Management 


Project resource management is a set of activities designed to identify, 
acquire, and manage resources for a project. Activities within this area 
include estimating the amount and type of resources required for the proj- 
ect; acquiring equipment, materials, and staff; improving team communi- 
cation and competencies; tracking team performance; and resolving team 
issues.” 

When planning for team resources, all members of a project team may 
be assigned, or the project manager may have the luxury of selecting all 
or some team members. Ideally, team members are selected based on their 
skills in the technology needed for the project, their understanding of the 
business area affected by the project, their expertise in a specific area of 
the project, and their ability to work well on a team. Often, compromises 
must be made. For example, the best available subject matter expert may 
not work well with others, which becomes an additional challenge for the 
project manager. 

Experienced project managers have learned that forming an effective 
team to accomplish a difficult goal is a challenge in itself. It takes consid- 
erable effort and a willingness to change on the part of all team members 
in order for a team to reach high levels of performance. A useful model to 
describe how teams develop and evolve is the forming-storming-norming- 
performing adjourning model, which was first proposed by Bruce Tuckman 
(see Figure 12.16).”” 
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FIGURE 12.16 


Tuckman’s forming-storming- 
norming-performing- 


adjourning model 
Forming an effective team is a chal- 
lenge in itself. 


Team development 


Performing 


Storming Norming 


Enthusiasm 


arka38/Shutterstock.com 


Skill level 


During the forming stage, the team meets to learn about the project, agrees 
on basic goals, and begins to work on project tasks. Team members are on their 
best behavior and try to be pleasant to one another while avoiding any conflict 
or disagreement. Team members work independently of one another and focus 
on their role or tasks without understanding what others are attempting to do. 
In the formation stage, the team’s project manager tends to be highly directive 
and tells members what needs to be done. If the team remains in this stage, it 
is unlikely to perform well, and it will never develop breakthrough solutions 
to problems or effectively solve a conflicting set of priorities and constraints. 

The team has moved into the storming stage when it recognizes that differ- 
ences of opinion exist among team members and allows these ideas to compete 
for consideration. Team members will raise such important questions as “What 
problems are we really supposed to solve?” “How can we work well together?” 
“What sort of project leadership will we accept?” The team might argue and 
struggle, so it can be an unpleasant time for everyone. An inexperienced project 
manager, not recognizing what is happening, may give up, feeling that the team 
will never work together effectively. The project manager and team members 
must be tolerant of one another as they explore their differences. The project 
manager may need to continue to be highly directive. 

If the team survives the storming stage, it may enter the norming stage. 
During this stage, individual team members give up their preconceived judg- 
ments and opinions. Members who felt a need to take control of the team 
give up this impulse. Team members adjust their behavior and begin to trust 
one another. The team may decide to document a set of team rules or norms 
to guide how they will work together. Teamwork actually begins. The project 
manager can be less directive and can expect team members to take more 
responsibility for decision making. 

Some teams advance beyond the norming stage into the performing stage. 
At this point, the team is performing at a high level. Team members are com- 
petent, highly motivated, and knowledgeable about all aspects of the project. 
They have become interdependent on one another and have developed an 
effective decision-making process that does not require the project manager. 
Dissent is expected, and the team has developed an effective process to ensure 
that everyone’s ideas and opinions are heard. Work is done quickly and with 
high quality. Problems that once seemed unsolvable now have “obvious” solu- 
tions. The team’s effectiveness is much more than the sum of the individual 
members’ contributions. The project manager encourages participative decision 
making, with the team members making most of the decisions. 

Adjourning, the final stage in the model, involves the dissolution of the 
team. Ideally, this occurs when the project has been completed successfully and 
all team members can move on to new projects or assignments with a positive 
sense of accomplishment. From an organizational perspective, it is important 
that team members be recognized and rewarded for their contributions. 
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project steering team: A group 
of senior managers representing the 
business and IS organizations that 
provide guidance and support to a 
project. 


project champion: A well- 
respected manager with a passion 

to see a project succeed and who 
removes barriers to the success of the 
project. 


project sponsor: A senior manager 
from the business unit most affected by 
a project and who ensures the project 
will indeed meet the needs of his or 
her organization. 


Project organization 
A project steering team is critical to 
the success of any project. 
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No matter what stage a team is operating in, it commonly will revert to 
less-advanced stages in the model when confronted with major changes in 
the work to be done, a change in project leadership, or substantial changes 
in the team’s makeup. The project manager and business managers must 
recognize and consider this important dynamic when contemplating project 
changes. 

Another key aspect of project resource management is getting the project 
team and the sponsoring business unit to take equal responsibility for making 
the project a success. The project team members must realize that on their 
own they cannot possibly make the project a success. They must ensure that 
the business managers and end users become deeply involved in the proj- 
ect and take an active role. The project team must actively involve the end 
users, provide information for them to make wise choices, and insist on their 
participation in major decisions. The business unit must remain engaged in 
the project, challenge recommendations, ask questions, and weigh options. It 
cannot simply sit back and “let the project happen to them.” Key users need to 
be identified as part of the project team with responsibility for developing and 
reviewing deliverables. Indeed, some organizations require that the project 
manager come from the sponsoring business unit. Other organizations assign 
co-project managers to IS-related projects—one from the IS organization and 
one from the business unit. 

In addition to the development team, each project should have a project 
steering team—made up of senior managers representing the business and 
IS organizations—to provide guidance and support to the project. The num- 
ber of members on the steering team should be limited (three to five) to 
simplify the decision-making process and ease the effort to schedule a quo- 
rum of these busy executives. The project manager and select members of 
the development team should meet with the steering team on an as-needed 
basis, typically at the end of each project phase or every few months. The 
three key members of the steering team include: (1) the project champion, 
who is a well-respected manager with a passion to see the project succeed 
and who removes barriers to the success of the project; (2) the project 
sponsor, who is a senior manager from the business unit most affected by 
the project and who ensures the project will indeed meet the needs of his 
or her organization; and (3) the IS manager, who ensures proper IS staff- 
ing for the project and ensures the project uses approved technology and 
vendors. These roles are further explained in Figure 12.17 and outlined in 
Table 12.12. 


Project steering team 


Champion Sponsor IS manager 
Project 
manager 
Subject Project Technical 
matter team 
resources 
experts members 
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TABLE 12.12 Responsibilities of the project steering team 


Project Champion 


Well-respected senior manager with a passion to see the 


project succeed 


Assures that project goals and objectives are aligned 
with organizational goals and objectives 


Convinces other senior managers of the project’s merits 
in order to gain their approval to fund and staff it 


Acts as a vocal and visible champion for the project to 


gain the support of others 


Identifies and removes barriers to project success 


Project Sponsor IS Manager 


Senior manager of business unit 
most affected by the project 


Well-respected IS 
manager 


Ensures that the business unit’s 
expectations and needs are clearly 
communicated and understood 


Ensures the project 
is staffed with 
appropriate IS staff 


Ensures that the project solution is 
truly workable and consistent with 
business and end-user requirements 


Ensures technology 
and vendors sug- 
gested for inclusion 
in the project are 
consistent with IS 
strategy 


Works to overcome resistance to 
change and prepare the organiza- 
tion to embrace the new system and 
way of doing things 


Identifies workers from the business 
unit to be assigned on a full- or 
part-time basis to project 


Resolves any issues outside the control of the project 


manager 


Provides advice and counsel to the project team 


Keeps informed of major project activities and 


developments 


Has final approval of all requests for changes in project 


scope, budget, and schedule 


Signs off on approvals to proceed to each succeeding 


project phase 


subject matter expert: Someone 
who provides knowledge and expertise 
in a particular aspect important to the 
project. 


technical resource: A subject 
matter expert in an IS topic of value to 
the project. 


communications management: 
The generation, collection, 
dissemination, and storage of project 
information in a timely and effective 
manner. 


Many projects also draw on key resources who are not assigned to the 
project team but who provide valuable input and advice. A subject matter 
expert is someone who provides knowledge and expertise in a particular 
aspect important to the project. For example, an accounting system project 
may seek advice from a member of the internal auditing group in defining the 
mandatory control features of a new system. A technical resource is essen- 
tially a subject matter expert in an IS topic of value to the project. For example, 
the accounting system project may seek advice from a database management 
system guru (either inside or outside the company) to minimize the response 
time for certain key business transactions. 


Communications Management 

Communications management involves the generation, collection, dissemi- 
nation, and storage of project information in a timely and effective manner. 
It includes communications planning, information distribution, performance 
reporting, and managing communications to meet the needs of project share- 
holders. The key stakeholders include the project steering team, the team 
itself, end users, and others who may be affected by the project (potentially 
customers or suppliers). 

In preparing a communications plan, the project manager should recog- 
nize that the various project stakeholders have different information needs. 
A useful tool for identifying and documenting these needs is the stakeholder 
analysis matrix, shown in Table 12.13. This matrix identifies the interests of 
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the stakeholders, their information needs, and important facts for managing 
communications with the champion, sponsor, project team members, and key 
end users associated with the project. The project manager should include his 
or her manager in this analysis. Based on analysis of this data, the preferred 


form and frequency of communication is identified for each stakeholder. 


TABLE 12.13 Sample stakeholder analysis matrix 


Key Stakeholders 


Organization 


Useful facts 


Level of interest 
Level of influence 


Suggestions 
on managing 
relationship 


Information needs 


Information 
medium, format, 
and timing 


Ray Boaz 


Project champion 
and VP of supply 
chain 


e Very persuasive 
®© Trusted by CEO 


High 
High 


© Demands 
respect, some- 
what formal 

e Speak in busi- 
ness terms, never 
get technical; no 
surprises! 


e ROI, budget, and 
schedule 


© Biweekly face-to- 
face meeting 


Klem Kiddlehopper 


Project sponsor and 
warehouse manager 


e Risk taker, very 
aggressive 

e Will push this 
through, no mat- 
ter what 


High 
Medium 
© Poor listener, for- 


gets details 
e Put it in writing 


@ Schedule and 
potential opera- 
tional conflicts 


e Weekly 
newsletter 
© Biweekly face-to- 


John Smith 


Experienced forklift 
driver 


è Has driven fork- 
lift truck for five 
years 

© Well respected 
by peers 


Medium 
High 
e Must keep John 


enthusiastic 
about project 


© Schedule, espe- 
cially timing of 
training 

© Safety and pro- 
ductivity issues 


© Newsletter 
@ Catch-as-catch 
can 


Forklift Drivers 
15 different drivers 


© Not highly moti- 
vated to make 
project a success 


Low 
Low 


e Don’t ignore 

© Attend occa- 
sional shift 
changeover 
meeting 


e Schedule, espe- 
cially timing of 
training 

© Safety issues 


© Brief updates at 
weekly depart- 
ment meeting 


project risk: An uncertain event 
or condition that, if it occurs, has 

a positive or a negative effect on a 
project objective. 


face meeting 


If the project team is unable to recruit either a project champion or spon- 
sor, the problem may be that management does not see clearly that the bene- 
fits of the project outweigh its costs, or that the project appears to run counter 
to organizational goals and strategies. A potential project without either a 
champion or a sponsor is highly unlikely to get the needed resources, and 
for good reason. No project should be started without both a champion and 
a sponsor. 


Risk Management 

“Things will go wrong, and at the worst possible time,” according to a vari- 
ation of Murphy’s Law, a popular adage. Project risk is an uncertain event 
or condition that, if it occurs, has a positive or a negative effect on a project 
objective. Known risks are risks that can be identified and analyzed. For 
example, in creating a new IS-related system that includes the acquisition of 
new computing and/or networking hardware, a known risk might be that the 
hardware will take longer than expected to arrive at the installation site. If 
the hardware is delayed by several weeks, it could have a negative effect on 
the project completion date. Countermeasures can be defined to avoid some 
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risk management: A deliberate 
and systematic process designed to 
identify, analyze, and manage project 
risks. 


known risks entirely, and contingency plans can be developed to address 
unavoidable known risks if they occur. Of course, some risks simply cannot 
be anticipated. 

A hallmark of experienced project managers is that they follow a deliberate 
and systematic process of risk management to identify, analyze, and manage 
project risks. Having identified potential risks, they can make plans to avoid 
them entirely. When an unavoidable risk occurs and becomes an issue, the 
project team has already defined an alternative course of action to minimize 
the impact on the project. They waste no time executing the backup plan. 
Unknown risks cannot be managed directly; however, an experienced project 
manager will build some contingency into the project budget and schedule to 
allow for their occurrence. 

While inexperienced project managers realize that things may go wrong, 
they often fail to identify and address known risks and do not build in contin- 
gencies for unknown risks. Thus, they are often unsure of what to do, at least 
temporarily, when a project setback occurs. In their haste to react to a risk, 
they may not implement the best course of action. 

The project manager needs to lead a rigorous effort to identify all risks 
associated with the project. The project team, business managers, and end users 
should participate in the effort. These resources can include seasoned project 
managers and members of the organization’s risk management department. 
After each risk is identified and defined, as shown in Table 12.14, the group 
should attempt to classify the risk by the probability that it will occur and 
the impact on the project if the risk does occur. Both the probability and the 
impact can be classified as high, medium, or low, as shown in the example in 
Table 12.14. 


TABLE 12.14 Identification of project risks 


Risk Example 

R1 The required new servers arrive at the installation site more than two 
weeks late. 

R2 Business pressures make key end users unavailable to develop the 


user acceptance test by the date it is needed. 


R3 Business pressures make end users unavailable during the time scheduled 
for training. 


R4 One or more end-user computers have insufficient memory or CPU 
capacity to run the new software efficiently (or at all). 


Rn 


TABLE 12.15 Example of an assessment of project risks 


Impact on Project 


Medium 
Probability of risk occurring High R10 R2, R3 
Medium R5, R6 Rn R1 
Low R8, R7, RO R4 
R11 


Dark = High risk/high impact; risk management plan is needed 
Lightest = Medium or high risk and impact; risk management plan recommended 
Lighter = Low or medium risk and impact; risk management plan not needed 
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risk owner: The individual 
responsible for developing a risk 
management strategy and monitoring 
the project to determine if the risk is 
about to occur or has occurred. 
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The project team then needs to consider which risks need to be addressed 
with some sort of risk management plan. Generally, the team can ignore risks 
with a low probability of occurrence and low potential impact. Risks with a 
high probability of occurrence and a high potential impact need to have a risk 
owner assigned. The risk owner is responsible for developing a risk manage- 
ment strategy and monitoring the project to determine if the risk is about to 
occur or has occurred. One strategy is to take steps to avoid the risk altogether, 
while another is to develop a backup plan. The risk management plan can be 
documented as shown in Table 12.16. 


TABLE 12.16 Risk management plan 


Risk Description Risk Owner Risk Strategy Current Status 

R2 Business pressures make Jon Andersen, manager Try to avoid this prob- Key users have been 
key end users unavail- of end users in the busi- lem by starting devel- identified and have 
able to develop the user ness area opment of the user started developing the 
acceptance test by the acceptance test three test. 
deadline. weeks earlier than orig- 

inally planned. Monitor 
progress carefully. 

R3 Business pressures make Jon Andersen, manager Try to avoid this prob- Three of four tempo- 
end users unavailable of end users in the busi- lem by hiring and rary workers have been 
during the time sched- ness area training four temporary hired. Their training is 
uled for training. workers to fill in for end scheduled to begin next 

users as they participate week. 
in training. 
R1 The required new serv- Alice Fields, team mem- Set a firm delivery dead- The contract with the 


ers arrive at the installa- 
tion site more than two 
weeks late. 


ber responsible for hard- 
ware acquisition 


line with the vendor, 
with a substantial dollar 
penalty for each day that 
the equipment is late. 


penalty clause has been 
signed by the vendor, 
who agrees to provide a 
shipment status update 


each Tuesday and Friday. 


One of the biggest risks associated with a project is that considerable 
time, energy, and resources might be consumed with little value to show in 
return. To avoid this potential risk, an organization must ensure that a strong 
rationale exists for completing a project. The project must have a direct link 
to an organizational strategy and goal, as shown in Figure 12.18. In this exam- 
ple, assume that an organization has been losing sales because of customer 
dissatisfaction. It has set an objective of improving customer service, with 
a goal of increasing the retention rate of existing customers. The organiza- 
tion has defined one of its key strategies as improving customer service to 
world-class levels. A project that is consistent with this strategy and that can 
deliver results to achieve this goal is clearly aligned with the organization’s 
objectives. 


e Objective. Improve customer service. 

e Goal. Reduce customer turnover from 25 percent per year to 10 percent 
by June 2020 by responding to 95 percent of customers’ inquiries within 
90 seconds, with less than 5 percent callbacks about the same problem. 

e Strategy. Improve customer service to world-class levels. 

e Project. Implement a state-of-the-art customer call center with “24/7” 
availability and a well-trained staff. 
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FIGURE 12.18 


Projects must be well linked 
to an organizational goal and 
strategy 


procurement management: A 
set of activities related to the 
acquisition of goods and/or services 
for the project from sources outside the 
performing organization. 


make-or-buy decision: The 
act of comparing the pros and 
cons of in-house production versus 
outsourcing of a given product or 
service. 


Objective: 
Improve 
customer 
service 


Goal: 
Reduce customer 
turnover from 
25% to 10% by 
June 2020 


Strategy: 
Improve 
customer 
service to 
world-class levels 


Project: 
Implement 
state-of-the-art 
customer call 
center 


Risk management software—such as Risk Management from Intelex, Full 
Monte from Barbecana, and RiskyProject from Intaver Institute—integrates 
with project scheduling software and can reflect the potential impact of various 
risks on the project schedule and cost. Use of such software can lead to more 
realistic estimates for project milestones and budgets. 


Procurement Management 


Procurement management is a set of activities related to the acquisition of 
goods and/or services for a project from sources outside the performing orga- 
nization. Procurement management is divided into the following processes: 


e Plan purchase and acquisition. This process determines what is needed 
and when. 

e Plan contracting. This process documents requirements for products 
and services and identifies potential providers. 

e Request seller responses. This process obtains bids, information, pro- 
posals, or quotations from potential providers. 

e Select seller. During this process, offers are reviewed, the preferred pro- 
vider is identified, and negotiations are started. 

e Contract administration. This process manages all aspects of the con- 
tract and the relationship between the buyer and the provider. The 
process includes tracking and documenting the provider’s performance, 
managing contract changes, and taking any necessary corrective actions. 

e Contract closure. This process completes and settles the terms of any 
contracts, including resolving any open items. 


The make-or-buy decision is a key decision made during the plan purchase 
and acquisition process. The make-or-buy decision involves comparing the 
pros and cons of in-house production versus outsourcing of a given product 
or service. In addition to cost, two key factors to consider in this decision are 
(1) “Do we have a sufficient number of employees with the skills and experi- 
ence required to deliver the product or service at an acceptable level of quality 
and within the required deadlines?” and (2) “Are we willing to invest the man- 
agement time, energy, and money required to identify, recruit, train, develop, 
and manage people with the skills to do this kind of work?” 
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fixed-price contract: A contract 

in which the buyer and provider agree 
to a total fixed price for a well-defined 
product or service. 


cost-reimbursable contract: A 
contract that requires the buyer to pay 
the provider an amount that covers 
the provider's actual costs plus an 
additional amount or percentage for 
profit. 


time and material contract: A 
contract that requires the buyer to 
pay the provider for both the time and 
materials required to complete the 
contract. 


project integration 
management: The coordination 
of all appropriate people, resources, 
plans, knowledge, and efforts to 
complete a project successfully. 
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A contract is a legally binding agreement that defines the terms and con- 
ditions of the buyer—provider relationship, including who is authorized to do 
what, who holds what responsibilities, costs and terms of payment, remedies 
in case of breach of contract, and the process for revising the contract. Contract 
types fall into three main categories: 


e Fixed-price contract. With this type of contract, the buyer and pro- 
vider agree to a total fixed price for a well-defined product or service. 
For example, the purchase of a large number of laptop computers with 
specified capabilities and features frequently involves a fixed-price 
contract. 

e Cost-reimbursable contract. This type of contract requires the buyer 
to pay the provider an amount that covers the provider’s actual costs 
plus an additional amount or percentage for profit. Three common types 
of cost-reimbursable contracts exist. In a cost-plus-fee or cost-plus- 
percentage of cost contract, the provider is reimbursed for all allowable 
costs and receives a percentage of the costs as a fee. In a cost-plus- 
fixed-fee contract, the provider is reimbursed for all allowable costs and 
receives a fixed fee. In a cost-plus-incentive-fee contract, the provider 
is reimbursed for all allowable costs. In addition, a predetermined fee 
is paid if the provider achieves specified performance objectives—for 
example, the provider’s hardware must be received, installed, and opera- 
tional by a specific date. In such contracts, buyers run the risk of paying 
more for the work but are rewarded by having their objectives met or 
exceeded. Providers run the risk of reduced profits if they fail to deliver, 
but can be rewarded for superior performance. 

e Time and material contract. Under this type of contract, the buyer pays 
the provider for both the time and materials required to complete the 
contract. The contract includes an agreed-upon hourly rate and unit price 
for the various materials to be used. The exact number of hours and 
precise quantity of each material are not known, however. Thus, the true 
value of the contract is not defined when the contract is approved. If not 
managed carefully, time and material contracts actually can motivate sup- 
pliers to extend projects to maximize their fees. 


Poor procurement management can result in serious project problems and 
even a project’s outright cancellation. 


Project Integration Management 

Project integration management is perhaps the most important knowledge 
area because it requires the assimilation of all nine other project management 
knowledge areas. Project integration management requires the coordination 
of all appropriate people, resources, plans, knowledge, and efforts to com- 
plete a project successfully. According to the Project Management Institute 
(PMI), project integration management comprises seven project management 
processes: 


1. Developing the project charter that formally recognizes the existence of the 
project, outlines the project objectives and how they will be met, lists key 
assumptions, and identifies major roles and responsibilities. 

2. Developing the project management plan that describes the overall scope, 
schedule, and budget for the project; this plan coordinates all subsequent 
project planning efforts and is used in the execution and control of the 
project. 

3. Directing and managing project execution by following the project man- 
agement plan. 

4. Managing project knowledge by using past projects and documenting new 
knowledge acquired. 
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stakeholder management: A set 
of activities that involves identifying, 
engaging, communicating with all the 
people, groups, or organizations who 
are or could be impacted by a project. 


5. Monitoring and controlling the project work to meet the projects per- 
formance objectives; this process requires regularly measuring effort and 
expenditures against the project tasks, recognizing when significant devi- 
ations occur from the schedule or budget, and taking corrective action to 
regain alignment with the plan. 

6. Performing integrated change control by managing changes over the course 
of the project that can affect its scope, schedule, and/or cost. 

7. Closing the project successfully by gaining stakeholder and customer accep- 
tance of the final product, closing all budgets and purchase orders after 
confirming that final disbursements have been made, and capturing knowl- 
edge from the project that may prove useful for future projects. 


As an example of a firm that excels in project integration management, 
consider Atos, an international IS services company that employs over 110,000 
workers in more than 73 countries,’ with 2018 annual revenue of €13 billion 
($12.2 billion U.S. dollars). The firm successfully delivered the information 
technology systems that enabled the smooth running of the Sochi 2014 Olym- 
pic Games in Russia. Atos had the primary responsibility for project integra- 
tion, consulting, systems integration, operations management, information 
security, and software applications development for the games. Through its 
experience with previous Olympics (Atos has been the worldwide IS partner 
for the Olympic Games, both winter and summer, since Salt Lake City in 
2002), Atos has developed an effective project management process. The firm 
spent over four years configuring, testing, and retesting some 10,000 pieces 
of equipment deployed to 30 different venues. Atos coordinated the work 
of hundreds of subcontractors to deliver a reliable IS infrastructure and IS 
services in support of one of the world’s widely viewed sporting events. The 
Sochi project was coordinated so that custom software, thousands of work- 
stations and laptops, tens of thousands of phones, hundreds of servers, and 
multiple operations centers and data centers all operated together effectively 
and efficiently.” 


Stakeholder Management 


As the newest addition to the Project Management Body of Knowledge (PMBOK 
Guide, 6” edition), stakeholder management has recently been recognized 
as an essential component of a successful project. Stakeholder management 
is a set of activities that involves identifying, engaging, communicating with 
all the people, groups, or organizations who are or could be impacted by a 
project. It is important to note that different people and groups have different 
levels of engagement needs. For example, imagine that ABC Corporation is 
building a new customer invoicing system. Once system development begins, 
the company’s president wants to know high-level information, such as cost 
and schedule overruns. The IT director will need to know resource and data 
needs, as well as testing results. The employees who will use the new system 
only need to know when the system will be implemented and when they will 
be trained. 
Within stakeholder management, there are four processes: 


1. All stakeholders must be identified. This process is not a one-time endeavor; 
rather, this list must be regularly reviewed and updated. 

2. The level of stakeholder engagement must be known and planned for. This 
is based on each stakeholder’s need, expectations, and interest level in the 
project. 

3. The level of engagement must be managed. The project manager must work 
with the stakeholders to satisfy their desired levels of engagement. 

4. The levels of engagement must be monitored. Changes must be made to 
satisfy the desired levels of engagement.°! 
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Several types of matrices can be used to manage the engagement and com- 
munications plans for stakeholders. In the stakeholder engagement assessment 
matrix (shown in Table 12.17), each stakeholder is assessed in two different 
ways: their current engagement level and their desired engagement level. 


TABLE 12.17 Stakeholder engagement assessment matrix 


Stakeholder Unaware Resistant Neutral Supportive Leading 
Mary Jones C 1D) 

David Smith Cc D 

Andre Ruiz DC 


“C” denotes current level of engagement 

“D” denotes desired level of engagement 

The matrix is used to depict each stakeholder’s current engagement level with the project and 
the engagement level that they desire. 


Comparatively, the stakeholder registry (shown in Table 12.18) contains 
information regarding the stakeholder’s position, requirements, expectations, 
influence level, and interest level. 


TABLE 12.18 Stakeholder registry 


Influence Interest 
Name Title Department Requirements (L/M/H) (L/M/H) 
Mary Jones Accounts Payable Accounting Needs to invoice L H 
Clerk customers 
David Smith IT Manager IT Must integrate new M H 
system with database 
Andre Ruiz Accounts Payable Accounting Invoicing system must be H H 


Manager 


efficient 


Additionally, communications with stakeholders needs to be planned and 
executed on a regular basis. Project managers also develop a stakeholder 
communication plan (see Table 12.19) to manage the level of communication 
required throughout the project. 


TABLE 12.19 Stakeholder communication plan 


Contact Type of Delivery Person 
Name/Group Information Information Delivery Method Frequency Responsible 
Mary Jones mjones@abc.com Monthly status Email Monthly Project Manager 
David Smith dsmith@abc.com Status reports, Email Weekly status Business Analyst, 


Monthly budget 
report, Goals, 
implementation 
plans, Scope 
changes 


reports, Monthly 
reports, as needed 


Project Manager 


Andre Ruiz aruiz@abc.com, 


Bldg 12 


Status reports, 
Monthly bud- 
get report, 

Requirements 


Email, Paper Weekly Project Manager 
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Critical Reluctant Project Sponsor 


Thinking Æ BEHAVIORS IN ORGANIZATIONS 
Exercise 


You are on the phone with the project sponsor of a $2 million project you are 
managing. She informs you that she accepted the role reluctantly, and now, one 
month into this eight-month project, she is considering withdrawing as project 
sponsor. She does not see the need for this role and is extremely busy with her 
other responsibilities. 


Review Questions 


1. What is the role of the project sponsor? 

2. What might be the impact on the project if you attempt to proceed without a 
sponsor? Is it likely that some project tasks would need to be redone if a new 
sponsor is appointed? 


Critical Thinking Questions 


1. If you are unable to persuade the sponsor to remain on the project, should you 
enlist the help of the project champion? How might you do this in such a way 
that you do not appear weak and ineffective and avoid creating hard feelings 
with the current sponsor? 

2. After speaking to the project champion, you and she both agree that the current 
sponsor should be replaced with someone new. What characteristics, traits, and 
experiences would you look for in a new sponsor? 


Principle: 


Organizations that are more advanced in their planning processes develop 
multiple-year strategic plans. 

Strategic planning is a process that helps managers identify desired out- 
comes and formulate feasible plans to achieve their objectives using available 
resources and capabilities. 

Goal-based strategic planning is divided into four phases: analyze situation, 
set direction, define strategies, and deploy plan. 

The analyze situation phase involves looking internally to identify the 
organization’s strengths and weaknesses and looking externally to determine 
its opportunities and threats. 

An analysis of an organization’s internal assessment and study of its exter- 
nal environment are frequently summarized into a Strengths, Weaknesses, 
Opportunities, Threats (SWOT) matrix. 

The set direction phase involves defining the mission, vision, values, objec- 
tives, and goals of the organization. 

SMART goals are specific, measurable, achievable, relevant, and time 
constrained. 

The define strategies phase involves describing how an organization will 
achieve its mission, vision, objectives, and goals. 

Deploy plan includes communicating the organization’s mission, vision, 
values, objectives, goals, and strategies so that everyone can help define the 
actions required to meet organizational goals. 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


CHAPTER 12 @ Strategic Planning and Project Management 494 


Principle: 


Organizations must always make a clear connection among business objec- 
tives, goals, and projects. In addition, projects must be consistent with 
business strategies. 

The strategic planning process for the IS organization and the factors that 
influence it depend on how the organization is perceived by the rest of the 
organization. An IS organization can be viewed as a cost center/service pro- 
vider, a business partner/business peer, or a game changer. 

IS strategic planning is influenced by the corporate and business unit stra- 
tegic plans as well as technology innovations and innovative thinking. 

The IS strategy will set direction for the technologies, vendors, competen- 
cies, people, systems, and projects. 


Principle: 


Positive change is a key ingredient for any successful organization. 

Innovation is the application of new ideas to the products, processes, and 
activities of a firm, leading to increased value. Innovation is the catalyst for 
the growth and success of any organization. Innovation may be classified as 
sustaining or disruptive. 

Business process reengineering is a form of innovation that involves the 
radical redesign of business processes, organizational structure, information 
systems, and values of the organization to achieve a breakthrough in results. 
Continuous improvement is a form of innovation that continually improves 
business processes to add value to products and services. 


Principle: 


The organizational appetite for innovation drives the changes within the 
firm’s selected projects and processes. 

A project is a temporary endeavor undertaken to create a unique product, 
service, or result. 

Roughly 14 percent of all IS projects fail. 

Today, many organizations have recognized project management as one of 
their core competencies. 

Five highly interrelated parameters define a project—scope, cost, time, qual- 
ity, and user expectations. If any one of these project parameters is changed, 
there must be a corresponding change in one or more of the other parameters. 

Project scope is the definition of which work is and which work is not 
included in a project. 

The cost of a project includes all the capital, expenses, and internal cross- 
charges associated with the project’s buildings, operation, maintenance, and 
support. 

The timing of a project is frequently a critical constraint. 

Quality of a project can be defined as the degree to which the project 
meets the needs of its users. 

Project management is the application of knowledge, skills, and tech- 
niques to project activities to meet project requirements. Project managers 
must attempt to deliver a solution that meets specific scope, cost, schedule, and 
quality goals while managing the expectations of the project stakeholders—the 
people involved in the project or those affected by its outcome. 

According to the Project Management Institute (PMI), project managers 
must coordinate 10 areas of expertise: scope, schedule, cost, quality, resources, 
communications, risk, procurement, integration, and stakeholder management. 

Scope management includes defining the work that must be done as part of 
the project and then controlling the work to stay within the agreed-upon scope. 
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A process is a set of logically related tasks performed to achieve a defined 
outcome. 

Schedule management includes defining an achievable completion date 
that is acceptable to the project stakeholders, developing a workable project 
schedule, and ensuring the timely completion of the project. 

Cost management includes developing and managing the project budget. 

Quality management is a set of activities designed to ensure that the project 
will meet the needs for which it was undertaken. 

Project resource management includes activities to identify, acquire, and 
manage resources for a project. 

The forming-storming-norming-performing-adjourning model describes 
how teams form, evolve, and dissolve. 

Each project should have a project steering team—made up of senior man- 
agers representing the business and IS organizations—to provide guidance and 
support to the project. Three key members of the steering team are the project 
champion, project sponsor, and IS manager. 

Communications management involves the generation, collection, dissem- 
ination, and storage of project information in a timely and effective manner. 

Risk management is a process that attempts to identify, analyze, and man- 
age project risks. Experienced project managers follow a deliberate and sys- 
tematic process of risk management to avoid risks or minimize their negative 
impact on a project. 


Procurement management is a set of activities related to the acquisition of 
goods and/or services for the project from sources outside the organization. 

Project integration management is a critical knowledge area of project 
management that involves chartering, scoping, planning, executing, monitoring 
and controlling, change control, and project closing. 

Stakeholder management is a set of activities that involves identifying, 
engaging, communicating with all the people, groups, or organizations who 
are or could be impacted by a project. 


core value 

business process reengineering (BPR) 
goal 

goals-based strategic planning 
intangible benefit 

issues-based strategic planning 
Michael Porter’s Five Forces Model 
mission statement 

objective 

organic strategic planning 
strategic planning 

strategy 


Strengths, Weaknesses, Opportunities, Threats (SWOT) 
matrix 


tangible benefit 
vision 
vision/mission statement 


change model 


communications management 
continuous improvement 

core competency 

cost management 
cost-reimbursable contract 
critical path 

culture 

diffusion of innovation theory 
fixed-price contract 
forming-storming-norming-performing-adjourning 
model 

Gantt chart 

innovation 

make-or-buy decision 
network diagram 
organizational change 
organizational culture 


predecessor task 
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procurement management 
project 

project champion 

project deadline 

project integration management 
project management 
project milestone 

project risk 

project schedule 

project scope 

project sponsor 

project stakeholder 
project steering team 
process redesign 

quality 

quality assurance 

quality control 
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quality management 

quality planning 

process resource management 
reengineering 

risk management 

risk owner 

scope management 

slack time 

soft side of implementing change 
sponsoring business unit 
stakeholder management 

subject matter expert 

technical resource 

technology acceptance model (TAM) 
time and material contract 
schedule management 

work breakdown structure (WBS) 


Self-Assessment Test 


Organizations that are more advanced in their Organizations must always make a clear connection 
planning processes develop multiple-year strategic among business objectives, goals, and projects. In 
plans. addition, projects must be consistent with business 


1. Which phase of the goals-based strategic plan- siatcgics 


ning involves an in-depth analysis of the com- 
pany and its competitors? 


5. Business value of a proposed project can be 
which of the following? 


a. Analyze situation a. Tangible benefits 
b. Set direction b. Intangible benefits 
c. Define strategies c. Unstructured benefits 
d. Deploy plan d. Both A and B 
2 G ; , and 6. Which type of project should result in an 
must be established before increase of company revenue? 
an organization can establish its goals and a. Maintenance 
objectives. b. Breakthrough 
a. Values, strategies, projects c. Mandatory 
b. Mission, values, strategies d. Enhancement 
c. Mission, vision, values 7. When identifying and selecting projects, an orga- 
d. Vision, strategies, projects nization does all of the following EXCEPT: 
3. The SWOT analysis is part of which phase in a. Assess the risk of using new technologies 
goals-based strategic planning? b. Assess the skill level of the proposed users 
a. Analyze situation c. Consider other technological changes that 
b. Define strategies this new project will require 
c. Set direction d. Calculate the cost of the project and its 


d. Deploy plan 

4. If an IS organization focuses on stopping IS 
redundancies and saving money, it would be 
considered a 

Cost center 

Business partner 

Game changer 

Disruptive innovation or result. 


expected rate of return 


The organizational appetite for innovation drives 
the changes within the firm’s selected projects and 
processes. 


8 A is a temporary endeavor 
undertaken to create a unique product, service, 


aoge 
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9. 


10. 


The five highly interrelated parameters of a proj- 

ect are: 

a. scope, time, quality, stakeholders, and services 

b. time, user expectations, quality, Gantt chart, 
and cost 

c. quality, cost, services, time, and stakeholders 

d. cost, time, quality, user expectations, and 
scope 

According to the Project Management Insti- 

tute (PMI), project managers must coordinate 

areas of expertise. 


three 
five 
seven 
ten 


aor. 


W. 


12. 


The forming-storming-norming-performing- 
adjourning model describes: 

a. the project phases 

b. how teams form, evolve, and dissolve 

c. how teams are selected 

d. management phases of a project 

The category of innovation 
adoption is the first group to try new products 
and ideas. 

a. early adopters 

b. innovators 

c. late majority 

d. laggards 


Self-Assessment Test Answers 


Ges eS 


gFaepas 


Te 


d 
= |p) 
b 


b 
project 
d 


Review and Discussion Questions 


1. 


2. 


What organizational benefits are gained through 
strategic planning? 

Uber’s mission statement is “We ignite oppor- 
tunity by setting the world in motion.” As Uber 
expands into food delivery (UberEats), freight 
(UberFreight), transporting medical patients 
(UberHealth), and business rides (Uber for Busi- 
ness), is the mission statement still suitable for 
all of these business lines? What would prompt 
Uber to change the mission statement?. Explain 
each item called out in Porter’s Five Forces 
Model. How might an organization use this 
model? 

Explain why the strategic planning pyramid is 
shaped as a pyramid. Why are the items dis- 
played in this particular order? 

In a SWOT matrix, how do strengths compare to 
opportunities? How do weaknesses compare to 
threats? 

Explain why goals should be “SMART.” What are 
the advantages of establishing SMART goals? 


. When resulting in mostly intangible benefits, 


how would you rank a project’s priority level 
against other projects with quantifiable out- 
comes? How can technical innovations or other 


innovations drive strategy? Give examples where 
innovation changed the direction of a company. 
How do you think the theory of innovation dif- 
fusion can be applied to Elon Musk’s idea of 
underground tunnels and car elevators? 

Define the term “project.” 

What is a core competency? Project scope? Proj- 
ect stakeholder? 

Identify the five highly interrelated parame- 

ters that define a project. If one parameter is 
changed, how would the other four parameters 
be affected? 

Identify and briefly describe the 10 areas 

of expertise that a project manager must 
coordinate. 

Explain the difference between a WBS and a 
Gantt chart. 

Imagine that you are going to put on a play at 
your college. Create a WBS diagram to outline all 
the activities necessary to complete this project. 


. What is the difference between quality planning, 


quality assurance, and quality control? 


. What is the difference between the stakeholder 


engagement assessment matrix, the stakeholder 
registry, and the stakeholder communication plan? 
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16. 


1y 


Think of a team of which you’ve been a part. 
Can you explain why the team performed so 
well (or poorly) using the forming-storming- 
norming-performing-adjourning model? 
Identify some of the challenges of performing 
project integration management on a project 
in which team members are distributed 
globally and cannot physically meet in one 
location. How might these challenges be 
overcome? 
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18. 


19; 


20. 


What is the purpose of risk management? 
Outline the risks you faced on the first day 

of college. Have any of these risks changed 
since then? 

What is the difference between business process 
reengineering and continuous improvement? 
Which one of these would qualify as a project? 
Imagine that you are hiring a firm to complete a 
large project using unproven technology. Which 
form of contract would you prefer and why? 


Business-Driven Decision-Making Exercises 


il 


Many free and open source project manage- 
ment software programs are available online, 
such as Asana, BaseCamp, Bitrix24, GanttProj- 
ect, MeisterTask, Trello, and Zoho. Choose 
one of these programs or use a spreadsheet 
or another project management program with 
which you are familiar. Create a Gantt chart 
using the values from the table below. How 
long will it take to complete a project consist- 
ing of these tasks? Identify the critical path for 
this project. 


Your team has just inherited $500,000. The 
team has agreed to invest this money by pur- 
chasing an existing business. Choose a local 
business and perform a SWOT analysis on this 
business. Look at the business’ website and 
compare it to its competitors. Identify reasons 
to purchase or not purchase this business. Is a 
Web presence necessary for this business? What 
critical changes should be made to the current 
website to meet the business’ and customers’ 
needs? 

As a team, you are to analyze the IS department 
at your school. One or two team members will 
begin by interviewing the IS manager to find 
out what IS projects are currently underway. 
Concurrently, other team members will research 
your school’s strategic plan, mission statement, 
vision, and values. Armed with this information, 
your team must decide if the IS department at 
your school should be classified as a cost center, 
business partner, or game changer? Why? Do the 
current projects align with the school’s strategic 
plan? Why or why not? 


2. 


A 5) 

B 3 

@ 4 A,B 
D 8 D 
E 5 @ 

F 3 D, E 


Think of a project that you have previously worked 
on. Create a stakeholder registry for this project. 


Teamwork and Collaboration Activities 


3; 


Your team has been hired as consultants to 
work with a large city to implement a program 
to place hundreds of high-tech digital cameras 
in strategic locations to aid in reducing crime 
and speeding help to victims. The cameras 

are state-of-the-art with infrared capability for 
night vison, high resolution, and rapid zoom 
in and out capability. Your city will be the first 
in the United States to deploy them. The man- 
ufacturer is a relative newcomer to the digital 
camera industry. The program has not yet been 
fully funded, nor has it been announced to 

the residents of the city. The city management 
and top-level officers within the police depart- 
ment are fully behind the program; however, 
lower level officers and cops on the street have 
mixed support. Your team has been asked to 
perform a risk assessment for this project. You 
are to identify various risks that could occur; 
assign them a high, medium, or low level or 
risk, and assess the potential impact (high, 
medium, or low) on the project if that risk 
should occur. 
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Career Exercises 


1. Visit the Project Management Institute (PMD web- 
site at www.pmi.org. Do research to learn more 
about the value that employers place on project 
management certification. What are the certifica- 
tions offered by PMI that you may be qualified to 
take? Search job listings for project managers. Do 
they require PMI or other certifications? 

2. Can you state the vision and mission of your 
organization or college? Has it documented its 


core values? Can you identify any key objectives 
and strategies? 

3. Talk with your manager and others at work 
about the need for good project management 
in your organization. Do the people you spoke 
with see project management as a core compe- 
tency? Do they feel that there is a shortage of 
good project managers? 


æ GLOBAL 


Strategic Shift at Microsoft 

Microsoft, a company known well for its operating systems 
and productivity software, is currently one of the world’s 
most valuable companies, valued at around $1 trillion, as 
of 2019. The value stems from a strategic shift by Micro- 
soft from their obsessive focus on the Windows operating 
system to a focus on delivering cloud services and embrac- 
ing open source. This turnaround is not only affecting the 
planning and strategy of Microsoft, but also caused a major 
change in their employees and the company culture. 

There has been a tremendous growth in cloud services, 
as more and more companies store their data in the cloud 
rather than on-premise. Microsofts Azure cloud division has 
grown rapidly and is strongly competing with Amazon’s cloud 
services. Judson Althoff, EVP Worldwide Commercial Business 
at Microsoft says, “It’s not about selling product anymore,” he 
said. “It’s using cloud services to transform their business. This 
new wave of compute - the intelligent cloud and the intelli- 
gent edge - will shape everything we do for decades to come. 
This is your opportunity. This will create more opportunities 
for the Microsoft ecosystem than we have seen in our history. 
It’s not some science future story. It’s here and it’s now.” 

Interest in the cloud has not only changed the way com- 
panies save data, but it’s also changed the way the providers 
make their money. The method that Microsoft accounts for 
their sales has completely changed with the new strategy. 
Before, money was earned by customers buying licenses for 
the software operating systems. Now, money is only earned 
with the time that the customer uses the cloud service. 

Since the market-focus has been turned to a completely 
different model, the company culture has changed dramat- 
ically. 40,000 Employees had to be trained to understand 
how their customers used the cloud, so they could encour- 
age more usage. Sales personnel no longer prepared sales 
forecasts but concentrated more on retaining and obtaining 
customers. In addition, salespeople were given different 
incentives for sales, since the revenue generated is so dif- 
ferent with cloud services. Microsoft also used technology 
to make meetings less frequent but more productive, enable 
salespeople to spend more time with their customers and 
change manager’s behavior through technology to spend 


more time with employees. Meeting technology allows par- 
ticipants to gauge how useful meetings are by measuring 
how much the participants were on their smartphones. “The 
shift has been successful so far because it has not just stra- 
tegic insight but change in focus across the workforce.” 
Microsoft is also working with regulators to ensure com- 
pliance. The design of Azure ensure that any data-protection 
laws can be easily adhered to. Azure’s top officer, Brad Smith, 
proposed policies, “such as a ‘Digital Geneva Convention’ to 
protect people from cyber-attacks by nation-states. He is also 
behind Microsoft’s comparatively cautious use of artificial 
intelligence and calls for oversight of facial recognition. The 
firm has been relatively untouched by the current backlash 
against tech firms and is less vulnerable to new regulation.” 
In conclusion, the technology disruption that Microsoft 
faced could have brought down the company, since they 
were so focused on their operating system. But they were 
able to not only make a strategic planning shift, but also 
change the employees and their culture to greatly succeed. 


Critical Thinking Questions 


1. Trace the history of Microsoft’s financials. Use Excel to 
graph its stock value to see when the turnaround dis- 
cussed in this case began to have an effect. 

2. Microsoft was able to make meetings less frequent but 
more productive. Research the Internet for software that 
enables productive meetings. Choose one that looks the 
best and write a one-page paper on its features. 


SOURCES: Bartleby. 2019. “Send in the Clouds.” The Economist 
7/4/2019 Accessed 8/8/2019 at bttps./Avww.economist.com/busi- 
ness/2019/07/04/send-in-the-clouds;, Cox, Mark. 2019. “Microsoft Lays 
out FY19 vision, strategy, and plans for execution at Inspire Kickoff” 
Channelbuzz.ca. Accessed 8/8/2019 at hitps:/channelbuzz.ca/2018/07/ 
microsoft-lays-out-[y19-vision-strategy-and-plans-for-execution-at-in- 
spire-kickoff-26711/, Business-News. 2019. “How Microsoft survived 
the creative destruction.” 7/1/2019 Business-News.club. Accessed 
8/8/2019 at hitps:/Avww.business-news.club/how-microsoft-sur- 
vived-the-creative-destruction/, The Economist. 2019. “What Microsoft’s 
Revival can teach other Tech Companies” 7/25/2019. The Economist. 
Accessed 8/8/2019 at https:/jvww.economist.com/leaders/2019/07/25/ 
what-microsofts-revival-can-teach-other-tech-companies 
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Principles Learning Objectives 


e Organizations can obtain software using e Identify the pros and cons associated with subscribing to, 


one of three basic approaches: subscribe, 
buy, or build. 


When evaluating and purchasing off-the- 
shelf software, an organization must con- 
sider the effort required to modify both the 
new software package and the existing 
software so that they work well together. 


A system developed using the Waterfall 
approach moves from one phase to the 
next, with a management review at the 
end of each phase. 


Agile development is an iterative system 
development process that develops a sys- 
tem in “sprint” increments lasting from two 
weeks to two months. 


buying, and building software. 


Explain the advantages and disadvantages of the software 
as a service (SaaS) model. 


Identify two approaches to software development. 


Outline a process for evaluating and selecting a software 
package. 


e Identify the key factors to be considered when selecting a 


software package. 


Identify the advantages and disadvantages of the Waterfall | 
approach to system development. 


Identify and state the goal of each of the six phases of the 
Waterfall approach. 


Identify and briefly describe the primary tools and tech- 
niques used during system development. 


Define five types of feasibility that must be assessed. 


Identify the purpose and participants involved in vari- 
ous types of testing from unit testing to user acceptance 
testing. 


Identify three approaches for system cutover. 
Describe the Agile development process. 


Identify the advantages and disadvantages of the Agile 
system development approach. 


Describe the role of the Scrum master and product owner 
in the Scrum framework. 


Discuss extreme programming (XP) and DevOps. 
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IS in Action 


Maine Goes Agile 


Æ ANALYTICAL THINKING, APPLICATION 


When Jim Smith started as CIO for the state of Maine, the Office of Information Technol- 
ogy was using traditional Waterfall methods for all its development projects. However, 
when Jim began looking into current and past IT projects at the state level, he found that 
many projects were failing. They were coming in late or over budget—or not coming in at 
all. With the Waterfall methodology, projects were taking two to three years to complete. 
Technology was changing at a much faster rate than the IT staff could develop. 

Based on his findings, Smith, along with Associate CIO Paul Sandlin, decided it was 
time for the department to make significant changes to the way in which new systems and 
applications were developed. They began a transition into Agile development, knowing 
that it would take time to have everyone trained. “It’s a cultural shift, because people are 
used to that two or three years of analysis and design” says Smith. According to Sandlin, 
the first step was ensuring that both the product owner and the IT staff were making the 
right decisions based on the needs of the agency and not their own individualized needs. 

By making a slow and well-planned transition to Agile methods, Maine’s IT department 
has learned over the years how to harness the power of Agile to meet the needs of their 
customers and end users. Part of that transition has been educating others about why the 
department has chosen to move from Waterfall to Agile development by sharing lessons 
learned on the Web site of the department’s Project Management Office. 

One key lesson is to start small. Agile has a learning curve, and it is better to learn 
and make mistakes on a smaller project than a large one. Also, team members need 
to be trained before they can be successful. Training during a project may result in a 
failed project. The department also emphasized the importance of communication. For an 
Agile project to be successful, the product owner must communicate effectively—in part, 
because if the owner is not communicating, the outcome may not fit the business needs. 
Communication with the customers and end users, who may not be familiar with IT and 
Agile terminology, is also critical. Talk on the level of the user so everyone can understand 
what is being said. 

These are just a few of the lessons the IT department has identified as being key to 
success on Agile projects. Smith and Sandlin noted that while they were not perfect in 
their implementation, they learned a lot from their efforts and continue to work to make 
the process even better. Although there was not a “silver bullet” to their success, getting 
the businesses involved, engaging the customers, and delivering on time were all import- 
ant factors. 

Projects can fail for many reasons. Each company must decide which method will work 
best for them. Companies that are not getting the desired outcome should reevaluate their 
methodologies to identify necessary changes, provide additional training, and improve 
communication within the team. 


As you read this chapter, consider the following: 


e What options exist for organizations to acquire or develop an information system? 
e What role should end users and other stakeholders play in the acquisition or 
development of a new system? 
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Why Learn About System Acquisition and 
Development? 


Throughout this book, you have seen many examples of the use of information systems to support 
organizations and people in a variety of careers. But where does an organization start when looking to 
acquire or develop these systems? And how can you work with IS personnel, such as system analysts 
and computer programmers, to get the information systems you need to succeed on the job or in your 
own business? This chapter provides the answers to these questions, along with specific examples of 
how new or modified systems are initiated, analyzed, designed, constructed, tested, and implemented in 
a number of industries. We start with a discussion of the forces that lead an organization to acquire new 
software and then move on to an overview of the three basic approaches to acquiring software. 


Subscribe vs. Buy vs. Build ree am 


Organizations continue to spend considerable time and resources developing 
and acquiring software to support a wide range of applications, including 
business intelligence and analytics, e-commerce, enterprise-level functions, and 
mobile apps. Opportunities and problems that frequently trigger the initiation 
of an information system project include the following: 


Organizations may pursue opportunities to use information systems to 
support a key organization strategy or to seize a significant, and ideally 
long-term, competitive advantage. To better leverage its cloud-based 
logistics software and keep up with customer demand, Amazon started 
the Amazon Delivery Service Partner program, which allows individuals to 
start a small delivery service company as a partner with Amazon. Once an 
individual’s application to the program is accepted and approved, Amazon 
provides three weeks of training along with an operations and technol- 
ogy tool kit that helps the new owners start to build their delivery service 
business.’ 

The need to improve business processes prompts some businesses to 
pursue opportunities outside their traditional areas of business. Dealer 
Tire, a tire and automotive parts distributor, asked its data analytics 
team to predict when each customer would need new tires. This simple 
question led to the development of the Tire Trigger application, which 
allows dealers to send notifications to consumers when it is time to 
consider replacement purchases, much like a health care notification 
for a checkup. Dealer Tire has different models of the Tire Trigger 
application that it can sell to dealers, in addition to its more traditional 
automotive products, based on their needs. The expectation is that “By 
2020, analytics that can help companies predict outcomes and prescribe 
courses of action will attract 40 percent of enterprises’ new investment 
in business intelligence and analytics software, according to Gartner 
research.”? 

To stay competitive and profitable, companies must upgrade the core 
tools they use to deliver products and services to their customers. 
Suddath Company, a successful, 100-year-old commercial moving 
company, did just that with the development of its Suddath Estimator 
software. By combining mobile and cloud technology, machine learning, 
and software algorithms, Suddath was able to transform its business by 
eliminating the time-consuming manual estimating process used by its 
salespeople. Using the Estimator software, Suddath salespeople are now 
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able to quickly create accurate digital estimates. The new platform has 
not only saved the company time by cutting down on data entry and 
administrative tasks, it has also increased the sale conversion rate— 
resulting in higher revenue for the company. 


Organizations can obtain software using one of three basic approaches: 
subscribe, buy, or build. Subscribing to an on-demand software service, also 
known as software as a service (SaaS) or application as a service (AaaS), can 
be a more cost-effective way for an organization to obtain software. 

Buying off-the-shelf software is less risky and leads to quicker deployment; 
however, maintenance and support costs may become expensive with this 
approach, and the software may not be an exact match to the needs and work 
processes of the organization. 

Building custom software can provide a better match to the current work 
processes along with a potential competitive advantage; however, software 
development can be extremely costly, and it can take months or even years to 
develop custom software. 

The advantages and disadvantages of these three approaches are summa- 
rized in Table 13.1. 


TABLE 13.1 The pros and cons of subscribing versus buying versus building 


Strategy Pros Cons 

Subscribe The software can be a more cost-effective solution On-demand software is usually offered “as-is” and 
for small projects and a good fit for temporary cannot be modified to match the organization’s 
needs. needs. 
Software updates and upgrades are completed An organization incurs recurring licensing costs. 


by the vendor after being tested for consistency. 
Technical support is typically available 24/7. 


Buy A software solution can be acquired and deployed Unmodified, the software may not be a good match 
relatively quickly. to an organization’s needs. 
An organization can “test drive” software before Maintenance and support costs can become 
acquiring it. excessive. 

Build Customized software is more likely to be a good The cost to build a system can be quite high 
match to an organization’s needs. compared to the cost of purchasing off-the-shelf 
A custom application provides the potential to software. 
achieve competitive advantage. Customized software can take months or even 


years to deploy. 


Recall that SaaS is a software distribution model under which a third-party 
provider hosts an application and makes it available over the Internet to sub- 
scribers who typically pay a monthly fee per user. SaaS is discussed in detail 
in the next section. 

Buying existing software developed by a software manufacturer enables an 
organization to test drive and evaluate it before making a major commitment 
to purchase it and install it. Once purchased, the existing software can be 
installed with minimal disruption (ideally) so that user needs can be quickly 
met, and the organization can begin reaping the benefits from the informa- 
tion system. Software buyers do not actually own the software, nor can they 
access it to make changes or improvements; they are simply licensed to use the 
software on a computer. With no access to the underlying source code, user 
organizations must pay maintenance and support costs to the manufacturer or 
to a third party authorized to fix bugs or add new functionality. For some orga- 
nizations, these costs can become excessive. As a result, many organizations 
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system development: The 
set of activities involved in building 
information systems to meet users’ 
needs. 


Critical 
Thinking 
Exercise 


turn to open source software, which permits access to the source code, so that 
it can be studied, changed, and improved by the organization’s own software 
professionals—with no maintenance charges. Indeed, the amount and quality 
of support for open source software is dependent on whether there are people, 
resources, and interest among the organizations using the software to develop 
updates and fix bugs. 

The set of activities involved in building information systems to meet users’ 
needs is called system development. System development projects can range 
from small to very large and are conducted in fields as diverse as nuclear sci- 
ence research and video game development. If an organization elects to build 
a system, it can use its own employees (perhaps augmented with contractors) 
to develop the system, or it can hire an outside company to manage and/or 
perform all the system development work. The latter approach allows an orga- 
nization to focus on what it does best, by delegating software development to 
companies that have world-class development capabilities. This can be import- 
ant because the system development efforts for even relatively small projects 
can require months, with large projects requiring years of effort. Unfortunately, 
despite everyone’s best efforts, a significant number of large system develop- 
ment projects fail. 

Organizations can use several different approaches when developing their 
own software. Two of those—the Waterfall and Agile software development 
processes—are discussed later in this chapter. 


Buy or Build for Investment Opportunity 
Æ SYSTEMS AND PROCESSES, DECISION MAKING 


Package Form (fictional) is a small manufacturing company that creates display 
packaging for boxed items, such as toys and household items. To increase 
sales, the owners of the company have decided to expand into floor displays 
and billboards. Their financial advisors have told them that investors will 
want to see design samples before committing money to their project, which 
means the expansion can only take place if the investors are impressed by 
the designs. 

You are a member of the IT department at Package Form, and you have been 
asked to research the software required to develop the new product demonstra- 
tions. You have found that the software can be purchased from various vendors 
and that there are even some open source options that could be modified to fit 
the organization’s needs. You also have in-house software developers that could 
modify your existing software so it could be used to develop the product samples. 
The decision on how to proceed must be made quickly, and you have a limited 
budget. 


Review Questions 

1. Outline the available options, including the pros and cons of each. 

2. Given the short time frame, would you consider modifying the current software 
to meet the needs of the company? Why or why not? 


Critical Thinking Questions 

1. How would you go about identifying the requirements for the new software? 
How would you research the software needed? 

2. What do you think might be the biggest barriers to finding the right software 
to meet the needs of the company with a limited budget? 
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Software as a Service (SaaS) : A 


INTERNET dÒ © REMOTE 


DIGITAL 


SAF 


sorrware | 
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Microsoft Office 365 is an example of a SaaS product. Microsoft offers this 
productivity suite for individuals and organizations, with multiple subscription 
options available, including monthly or annual commitments. The price of the 
subscription varies based on which applications and services are included, as 
well as the number of users.* 

Adobe also offers subscription-based licenses for its Creative Cloud suite, 
which includes applications such as InDesign, Illustrator, and Photoshop. As 
with Office 365, different Creative Cloud licenses are designed to meet the 
needs of individual, businesses, schools, and universities. The license costs are 
based on the number of applications—with up to 20 applications available— 
and the number of users. Different pricing structures allows individuals and 
companies to select the option that best meet their needs. Adobe even offers a 
consultant to help businesses and other organizations select the right licensing 
option.’ 

SaaS is often associated with platform as a service (PaaS) and infrastruc- 
ture as a service (laaS). PaaS is an application cloud deployment method that 
provides users with a complete computing platform, typically including operat- 
ing system, programming language execution environment, database services, 
and Web server. PaaS enables an organization’s developers to create software 
applications and collaborate on project regardless of their physical location. 
The management of the software and data storage is performed by the vendor. 

With IaaS, an organization outsources the equipment used to support its 
data processing operations, including servers, storage devices, and networking 
components. Under an IaaS license, the organization manages the data and 
applications while the vendor manages the operating system and virtualization. 
Unlike a PaaS license, an IaaS license allows the organization to pay only for 
the amount of hardware it uses. As the usage increases, the fee will increase.° 


Advantages of SaaS 


There are many advantages to obtaining software via a SaaS subscription. One 
advantage is how quickly the company can benefit from the software. After a 
decision has been made to acquire new software, a timeline is established for 
the project. Sometimes this timeline is short due to the needs of the company. 
Utilizing SaaS allows the company to bypass the process of verifying if exist- 
ing hardware will run the new software and avoid the expense of upgrading 
hardware before purchasing and installing software. Because SaaS runs in the 
cloud, companies can more quickly realize a return on their investment.’ 
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perpetual license: A license 
provided for one installation, with 
new software editions requiring new 
licenses; usually purchased by the 
bundle, called seats, and loaded on 
individual computers. 


Another advantage of subscription-based software is the technical sup- 
port typically offered with this type of license. A business relies on its data 
being available, so technical support is vital to ensuring its operations are 
not interrupted. When evaluating subscription-based software, an organization 
must determine the level of technical support that will be provided with the 
subscription. Researching this topic might be a simple matter of reviewing 
the vendor’s Web site for technical support details, Microsoft and Adobe, for 
instance, include information on the availability of technical support (24 hours 
a day, 7 days a week) on their Web sites. Technical support should be on the 
list of factors reviewed before purchasing any SaaS software. 

SaaS is deployed over the Internet, meaning deployment and management 
is handled from a centralized location. SaaS models utilize cloud storage and 
Internet browsers for data access and user interface, which lets companies save 
money on technical support staff and in-house technology expense.* A com- 
pany can run its business from a computer with any browser—or even from 
a mobile device. Employees can access data from anywhere in the world, and 
the data remains secure on the server. 

Another advantage of SaaS is its lower implementation costs. Most SaaS 
providers develop software to run on a wide variety of browsers, so companies 
can run on existing hardware. SaaS software can be implemented, or deployed, 
during normal business hours, as the software is not installed on the organi- 
zation’s computers. Users can be trained online, or the price of training can be 
negotiated within the contract, for minimal impact on productivity. All of this 
enables quick integration and little to no downtime. 

Unlike off-the-shelf software, which must be licensed for each computer, 
SaaS software can be licensed on a per user basis, meaning the fees are based 
on the number of users logged into the system at any given time. Once capacity 
is reached, additional users must wait until someone exits the system before 
they can gain entry. As the company grows, the licenses or seats, can be 
increased. Adding capacity in this manner saves both time and money for the 
organization. Depending on the size of the organization, this feature can give 
the company flexibility in managing its software costs. 

Upgrades to software can be costly for purchased software. If a perpetual 
license has been purchased, then upgrades, which can be expensive, must be 
evaluated. If a security-related upgrade is not performed, the business risks 
opening itself to viruses, hackers, and ransomware. Some software packages 
may require that upgrades be installed for continued support. SaaS software 
upgrades, on the other hand, are tested by the provider and then deployed 
via the Web. These upgrades are included in the contract, unless requested 
otherwise. If the software has been customized, the vendor performs testing 
to ensure the upgrades are not affected. 

Scalability, the ability of the software and hardware to expand and adapt 
with increasing demand, can be a concern to a growing company. SaaS soft- 
ware offers a solution in terms of both scalability and flexibility. As the com- 
pany grows, new tools or capabilities can be turned on by the provider without 
the company needing to upgrade servers or expand data storage. The provider 
controls, or owns, those responsibilities, so the company’s IS department can 
focus their efforts on the day-to-day operations of the business. For smaller 
companies that outsource their support services, or do not have developers 
on staff, this level of service can provide significant savings in terms of both 
time and money. 


Disadvantages of SaaS 


Companies must also evaluate any potential disadvantages before deciding to 
implement SaaS. If a company does not do its due diligence, it could end up 
paying for a software subscription that is costly and does not meet its needs. 
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Because SaaS is deployed over the Internet, it requires a company to have 
a stable Internet connection. Although most software packages allow users to 
work offline and synchronize data when a connection becomes available, this 
is not the optimal way to conduct business. If users rely on having the most 
up-to-date data, working offline may cause errors and rework. Even after a 
connection is reestablished, if a record has been updated by multiple users, 
the software may not be able to synchronize all the updates. Before utilizing 
SaaS, a company should perform an analysis of its connectivity to ensure the 
best outcome for productivity.’ 

Another potential area of concern is the sharing of data with a third-party 
provider. Security and privacy are topics that must be addressed by all orga- 
nizations. Software companies that rely on a third-party vendor to host their 
data must be secure in the knowledge that the data is protected. Some ques- 
tions that must be asked are (1) What security protocols are in place? (2) Are 
regular security updates being performed? (3) Who has access to the server? 
(4) What type of monitoring is in place? (5) What is your reporting protocol? 
These questions should be answered before any contract is signed. Some 
organizations must take it even farther due to regulations, such as HIPAA (the 
Health Insurance Portability and Accountability Act), which has strict guide- 
lines related to security and privacy. Under HIPAA, organizations that have 
data breaches can be penalized millions of dollars per breach. One question 
that should be asked by organizations covered under HIPAA is “Where is the 
data is stored?” Even if the data storage unit is outside of the United States, 
the organization must still ensure that security measures are taken to protect 
the data. If the data is breached, federal laws, including the penalties of HIPAA, 
still apply." 

When researching SaaS options, the decision makers in the organization 
must look at more than just the functionality of the software. Along with 
security issues and the availability of specific tools, the software provider 
itself must be researched. After a provider is selected and the software is 
implemented, there will be an ongoing relationship between the business 
and the provider. A contractual agreement should detail the conditions under 
which either party can terminate the contract. For example, what happens if 
the provider files for bankruptcy? Who would be the legal owner of the data 
on the provider’s servers? Would the software cease to run? Including contract 
clauses that address these types of concerns is standard practice for established 
SaaS providers. 


Critical New Project Software 


Thinking yy DECISION MAKING 
Exercise 


Alpha Furniture Company (fictional) is a small, family-owned furniture company 
that uses installed licensed software. The company now wants to expand opera- 
tions, and it needs a retail point-of-sale system that is designed for the furniture 
industry. 

Although the company currently has a small staff, some employees move 
between the corporate office, the showroom, and the warehouse. The company 
needs to ensure that all employees have access to the software from all three loca- 
tions. For example, Sonia is the accounting manager. Her office is in the corporate 
building. During inventory, however, she may be working out of the warehouse but 
will still need access to the accounting system. Alpha is also hoping to open two 
new locations in the next five years, so it needs a solution that is easily scalable 
to the new locations. In addition, the owners of the company are spending more 
time out of the office on business and would like access to the system while they 
are traveling. 
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Buying Off-The-Shelf-Software 


As the new IT director, you have been asked to find a software solution to 
meet the changing needs of the company. Because you do not have a program- 
ming staff, the options include purchasing off-the-shelf software or subscribing to 
on-demand software. 


Review Questions 

1. What questions would you ask internally before beginning the search for new 
software? 

2. Would you select PaaS for this software implementation? Why or why not? 


Critical Thinking Questions 

1. What advantages does SaaS offer your company? Do these advantages outweigh 
other factors—even if paying for a subscription would be more expensive? 

2. What are the disadvantages you might find in SaaS for your company? Could 
this make you recommend against SaaS? Why or why not? 


Today, most organizations purchase or subscribe to the software services they 
need—simply because it costs too much and takes too long to build a quality 
information system. An organization elects to build proprietary systems only 
when its information system requirements are unique. This may be because of 
the nature of the business or because the organization is attempting to build an 
information system that will provide it with a strategic competitive advantage. 

A software application can vary from an unmodified, commercial off-the- 
shelf (COTS) software package at one extreme to a custom, written-from- 
scratch program at the other extreme. Between those two extremes is a 
range of options based on the degree of customization. A comparison of the 
two extreme approaches is shown in Table 13.2. One question that must be 
answered during the system analysis phase is “Which solution approach is best 
for this system?” This decision is often called the make-or-buy decision. 


TABLE 13.2 Comparison of developed and off-the-shelf software 


Factor 


Cost 


Needs 


Process improvement 


Quality 


Speed 


Staffing and support 


Competitive advantage 


Develop (Make) 


The cost to build the system can be diffi- 
cult to estimate accurately and is frequently 
higher than off-the-shelf software. 


Custom software is more likely to satisfy an 
organization’s needs. 


Custom software tends to automate existing 
business processes even if they are poor. 


Quality can vary depending on the 
programming team. 


Custom software can take years to develop. 


Development requires skilled in-house 
resources to build and support a 
custom-built solution. 


An organization can develop a competitive 
advantage with good software. 


Off-the-Shelf (Buy) 


The full cost to implement an off-the-shelf 
solution is also difficult to estimate accu- 
rately but is likely to be less than a custom 
software solution. 


Buyers might not get exactly what they 
need. 


Adoption of a package may simplify or 
streamline a poor existing business process. 


Buyers can assess the quality before buying. 


Off-the-shelf software can be acquired 
immediately. 


Organizations purchasing off-the-shelf soft- 
ware need to pay the vendor for support. 


Other organizations may use the same soft- 
ware and therefore have the same advantage. 
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FIGURE 13.1 


Software package 


implementation process 
Software package implementation 
eliminates several of the phases of 
the waterfall approach. 


request for information 

(RFI): A document that outlines an 
organization’s hardware or software 
needs and requests information from 
vendors about if and how they can 
meet those needs and the time and 
resources required. 
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Package Evaluation Phase 


Purchasing off-the-shelf software requires that an organization go through 
several steps to ensure that it purchases the software that best meets its needs 
and then implements it effectively. These steps are part of the package evalu- 
ation phase of a project that comes after the system analysis phase, as shown 
in Figure 13.1. By purchasing a software package, an organization can elimi- 
nate several phases of the Waterfall development approach (discussed later in 
this chapter). At this point in the project, the scope of the system and critical 
business and user requirements should be known. There should be a rough 
budget and schedule as well. 
The steps in the project evaluation phase include the following: 


Identify potential solutions 

Select top contenders 

Research top contenders 

Perform final evaluation of leading solutions 
Make selection 

Finalize contract 


GNM BS Qe a 


Investigation 


— 


Systems 
analysis 


— 


Package 
evaluation 


— 


Integration & 
testing 


— 


Implementation 


Identify Potential Solutions 

The project team should make a preliminary assessment of the software mar- 
ketplace to determine whether existing packages can meet the organization’s 
needs. The primary tool for doing this is the request for information (RFI), 
a document that outlines an organization’s needs and requests vendors to 
respond with information about if and how they can meet those needs and 
the time and resources required. See Figure 13.2. The RFI outlines the scope of 
the desired system and preliminary system requirements based on the results 
so far of the system analysis. Importantly, the RFI should ask each vendor to 
identify two or three customers who may be contacted as references. The RFI 
is typically sent to several vendors who are thought to be capable of providing 
the desired software. 
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Request for Information 
Table of Contents 


DESCRIPTION OF DESIRED SYSTEM 
PRELIMINARY SYSTEM REQUIREMENTS 


C= = INFORMATION REQUESTED 
WHO TO CONTACT FOR FURTHER INFORMATION 
DATE RESPONSE DESIRED 


Recommended table of contents for a request for information 


The RFI outlines the desired system and its requirements, identifying key pieces of data that the soft- 
ware vendor must include in the proposal. 


performance evaluation test: 

A comparison of vendor options 
conducted in a computing environment 
(e.g., computing hardware, 

operating system software, database 
management system) and with a 
workload (e.g., number of concurrent 
users, database size, and number of 
transactions) that matches its intended 
operating conditions. 


Select Top Contenders 

The project team will review the information provided by the vendors in 
response to the RFI and then narrow the options to the most promising alter- 
natives for further evaluation. This may require a visit to a vendor’s place of 
business to meet key managers and observe a demo of the vendor's system. This 
selection is made on the basis of how well the vendor’s software appears to meet 
the organization’s needs, preliminary cost and timing estimates, information 
gleaned from references, and how easy the vendor has been to work with so far. 


Research Top Contenders 

A final evaluation begins with a detailed investigation of the contenders’ propos- 
als as well as in-depth discussions with two or three customers of each contender 
to learn about their experience with the vendor and the software. An organization 
must carefully evaluate each vendor’s software package to see how well it sup- 
ports the business processes that are within the scope of the project. Looking at 
each business process, the organization should determine if the package supports 
the process fully and exactly as it needs to be performed. If not, must the software 
be modified to meet the organization’s requirements, or must the organization 
modify its business process? If an organization decides it must modify the soft- 
ware to meet its business requirements, it must then determine who will do the 
necessary modifications, how long they will take, and how much they will cost. 

Often, purchased software must integrate with other existing software 
(e.g., a new accounts payable and accounts receivable software package must 
integrate with the firm’s existing general ledger system). The amount of effort 
required to modify the new software and existing software so that they work 
well together must be determined and considered as a major factor when 
selecting the final vendor and software. 

For major software purchases, the contenders should be asked to make a 
final presentation and to fully demonstrate their solution using a performance 
evaluation test conducted in a computing environment (e.g., computing hard- 
ware, operating system software, database management system) and with a 
workload (e.g., number of concurrent users, database size, and number of trans- 
actions) that matches the intended operating conditions. Such a test can help 
measure system performance attributes such as ease of use and response time. 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


CHAPTER 13 © System Acquisition and Development 511 


Make Selection 


Selecting the best software package solution involves weighing the following 
factors: 


e How well the vendor’s solution matches the needs of the users and 
business 

e The amount of effort required to integrate the new software with 
existing software 

e Results of the performance evaluation test 

e Relative costs (including any software modifications) and benefits 

e The technical, economic, legal, operational, and schedule feasibility 

e Input from legal and purchasing resources on the legal and financial 
viability of the contender 

e Feedback from customers on how well the software performs as well as 
on the quality of the support provided by the vendor 


Finalize Contract 


After a selection is made, a contract with the vendor must be negotiated and 
finalized. Although the vendor may insist that everyone signs a standard con- 
tract, every contract should be thoroughly reviewed by experienced members 
of an organization’s legal and purchasing departments. Recognize that the stan- 
dard contract is written from the vendor’s perspective and protects its interests, 
not yours. Request a copy of the vendor’s standard contract at the start of the 
software package evaluation process and allow at least two months for review 
and negotiation of a final contract. 

Organizations that use the cloud-computing or SaaS approach need to take 
special precautions in signing contracts with the service provider. The contract 
should clarify how the provider ensures data privacy, handles discovery if there 
is a lawsuit, resolves service-level problems, and manages disaster recovery; 
it should also detail where the cloud-computing servers and computers are 
located. Organizations should confirm this information in discussions with 
other customers of the service provider and by a visit to the service provider’s 
facilities. 

A contract covering the modification of a software package should have 
provisions for monitoring system modification quality and progress, ownership 
and property rights of the new or modified system, contingency provisions in 
case something doesn’t work as expected, and dispute resolution if something 
goes wrong. Customizing the package changes the package into custom-made 
software, resulting in the potential loss of support from the original vendor. 
This might necessitate third-party support, which should be factored into the 
contract negotiations. 


Integration and Testing 


Several types of testing must be conducted before a software package is ready 
to be put into production. This is particularly true if the software package has 
been modified to meet the needs of the organization or if the software package 
must integrate with existing information systems. 

The following types of tests, discussed later in the chapter, need to be 
completed: 


1. Integration testing 

2. System testing 

3. Volume testing 

4. User acceptance testing 
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Critical 
Thinking 
Exercise 


Implementation 


The organization cannot just count on the vendor to execute the implementation 
of the package—full and active participation by the project’s stakeholders and 
end users is essential to success. Key implementation tasks include the following: 


e Use data-flow diagrams to map current business processes and require- 
ments to the software, and identify any gaps that must be filled by 
changing current processes or by modifying the software. 

e Install the software and configure all its capabilities and options to meet 
the project requirements. 

e Customize aspects the solution as needed for the organization. 

e Integrate existing software with the new software. 

e Train end users. 

e Test the software to ensure that it meets all processes and requirements. 

e Convert historical data from the old software so that it can be used by 
the new software. 

e Roll out the new software to users in a live work environment. 

e Provide for ongoing end-user support and training. 


Hospital Switches EHR Software 
= DECISION MAKING 


Midwest Regional Hospital (fictional) is a 500-bed general medical and surgical 
facility with 25,000 admissions and 7,500 annual inpatient and 17,500 outpatient 
surgeries annually. Its emergency room has 52,000 visits each year. It is a nonprofit 
hospital that treats both adult and child patients. More than 1200 nurses, techni- 
cians, doctors, and physicians practice at the hospital. 

An electronic health record (EHR) is an electronic version of a patient’s med- 
ical history that is maintained by the provider over time, and it may include all of 
the key administrative clinical data relevant to that person’s care, including demo- 
graphics, progress notes, problems, medications, vital signs, past medical history, 
immunizations, laboratory data, and radiology reports. The EHR automates access 
to this information, and the more sophisticated versions of EHR software can also 
produce an online “digital chart” that displays up-to-date patient information in 
real time, complete with decision-support tools for physicians and nurses. One of 
the key features of an EHR is that health information can be created and managed 
by authorized providers in a digital format capable of being shared with other 
providers across more than one healthcare organization, including laboratories, 
specialists, medical imaging facilities, pharmacies, emergency facilities, and school 
and workplace clinics. 

Midwest Hospital was an early pioneer in the adoption of EHR software. Unfor- 
tunately, the vendor that Midwest selected has not been able to keep up with evolv- 
ing regulatory requirements and the changing needs of its healthcare clients. Its 
software is fast becoming obsolete, and it is rumored that the firm will soon elimi- 
nate support of its software. You have been hired as a consultant to lead a project 
to replace the original software with software from one of the current leading EHR 
software providers—Allscripts, Cerner Corporation, or Epic Systems Corporation. 


Review Questions 

1. Is there a need to conduct a preliminary software package evaluation? Why or 
why not? 

2. What tasks would you attempt to complete in your first two weeks as project 
leader? 
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Critical Thinking Questions 

1. The hospital administrators have made it clear to you that the software ven- 
dor must be chosen and the software installed as soon as possible. What 
measures do you feel comfortable taking to accelerate the process without 
raising the risk of choosing the wrong software or having a rough system 
start-up? 

2. A safety-critical system is one whose failure or misuse may cause human injury 
or death. Given that an EHR system is such a system, which tasks associated 
with software implementation deserve special attention? 


Waterfall System Development Process 33 . 2 


Waterfall system development The Waterfall system development process is a sequential, multistage sys- 
process: A sequential, multistage tem development process in which work on the next stage cannot begin until 
eye leur development process in which the results of the current stage are reviewed and approved or modified as 
work on the next stage cannot begin : : 
until the results of the current stage necessary. It is referred to as a Waterfall process because progress is seen as 
are reviewed and approved or modified flowing steadily downwards (like a Waterfall) through the various phases of 
as necessary. development. The phases of the Waterfall system development process can 
vary from one company to the next, but many organizations use an approach 
with six phases: investigation, analysis, design, construction, integration and 
testing, and implementation. Once the system is built, organizations com- 
plete the additional steps of operation and maintenance and disposition. See 
Figure 13.3. 


FIGURE 13.3 
Waterfall system development process 
Progress flows steadily downwards (like a Waterfall) through the various phases of development. 
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system investigation: The initial 
phase in the development of a new or 
modified business information system 
whose purpose is to gain a clear 
understanding of the specifics of the 
problem to solve or the opportunity to 
address. 


As shown in Figure 13.3, a system under development moves from one 
phase of the Waterfall process to the next. At the end of each phase, a review is 
conducted to ensure that all tasks and deliverables associated with that phase 
were produced and that they are of good quality. In addition, at the end of 
each phase, the overall project scope, costs, schedule, and benefits associated 
with the project are reviewed to ensure that the project is on track and worth 
completing. As a result, the Waterfall approach allows for a high degree of man- 
agement control. It is for this reason that this approach is frequently followed 
when an organization contracts with another to build its information system. 
However, a major problem with this approach is that users do not interact with 
the solution until the integration and testing phase, when the system is nearly 
complete. This can lead to a mismatch between system capabilities, users’ 
expectations, and organizational needs. Table 13.3 lists additional advantages 
and disadvantages of the Waterfall system development process. 


TABLE 13.3 Advantages and disadvantages of Waterfall system 
development process 


Advantages Disadvantages 


Formal review at the end of each Users get a system that meets the 
phase allows maximum management needs as understood by the develop- 
control. ers; however, this might not be what 


the users really needed. 


This approach requires creation of Often, user needs go unstated or are 
considerable system documentation miscommunicated or misunderstood. 
so that system requirements can be 

traced back to stated business needs. 


This approach produces many inter- Users can’t easily review intermediate 
mediate products that can be reviewed products and evaluate whether a 

to measure progress toward develop- product (e.g., a data-flow diagram) 
ing the system. will lead to a system that meets their 


business requirements. 


The Office of Information Technology for the U.S. Department of Veterans 
Affairs (VA) has an annual budget of over $4 billion—the vast majority of which 
is used to maintain legacy, or existing, systems that need to be updated or 
replaced. Over the last twenty years, the VA undertook three separate projects 
intended to upgrade the agency’s electronic health record system. All three 
projects came in over budget and behind schedule, and they produced faulty 
systems that were not integrated as a whole. These projects obviously would 
have benefitted from a higher degree of management control; unfortunately, 
CIOs at the VA lasted less than two years on average, meaning no one stayed 
in that critical leadership position long enough to establish the strategic plan- 
ning and project management practices necessary to effectively complete such 
complex projects." 


System Investigation 


System investigation is the initial phase in the development of a new or 
modified business information system whose purpose is to gain a clear under- 
standing of the specifics of the problem to solve or the opportunity to address. 
What is the scope of the problem? Who is affected and how? How often does 
this occur? After gaining a good understanding of the problem, the next ques- 
tion is, “Is the problem worth addressing?” Given that organizations have lim- 
ited resources—people and money—this question deserves careful attention. 
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What are the potential costs, both the one-time initial costs and recurring costs? 
What risks are associated with the project? If successful, what benefits, both 
tangible and intangible, will the system provide? The steps of the investigation 
phase are outlined next and discussed on the following pages: 


Review system investigation request. 

Identify and recruit team leader and team members. 
Develop budget and schedule for investigation. 
Perform investigation. 

Perform preliminary feasibility analysis. 

Prepare draft of investigation report. 

Review results of investigation with steering team. 


Se N: E= 


Review System Investigation Request 

Because system development requests can require considerable time and 
effort to investigate, many organizations have adopted a formal procedure 
for initiating a system investigation. Ideally, a system investigation request 
is completed by members of the organization that will be most affected by 
the new or modified system. This request typically includes the following 
information: 


e A preliminary statement of the problem or opportunity to be addressed 
(this will be refined during the investigation) 

e A brief discussion of how this effort aligns with previously defined com- 
pany and organization objectives, goals, and strategies 

e Identification of the general areas of the business and business processes 
to be included in the scope of the study (e.g., the handling of customer 
discounts in the order-processing system) 


The information in the system request helps senior management rationalize 
and prioritize the activities of the IS department and decide which investiga- 
tion projects should be staffed. Based on the overall IS plan, the organization’s 
needs and goals, and the estimated value and priority of the proposed projects, 
managers make decisions regarding which system investigation requests will 
be approved. 


Identify and Recruit Team Leader and Team Members 

After managers grant approval to initiate a system investigation, the next step 
is to identify and recruit the person who will lead the investigation phase, 
followed by the other members of the investigation team. The members of the 
investigation team are responsible for gathering and analyzing data, preparing 
an investigation phase report, and presenting the results to the project steering 
team. The system investigation team can be quite diverse, often with mem- 
bers located around the world. Business knowledge of the areas under study, 
communication, and collaboration are keys to successful investigation teams. 
Members of the development team may change as a project moves through the 
various development phases, depending on the knowledge, experience, and 
skills required during each phase. 


Develop Budget and Schedule for Investigation 


After the team has been formed, its members work together to develop a list 
of specific objectives and activities that must be accomplished during the sys- 
tem investigation phase along with a schedule for completing the work. The 
team establishes major milestones to help monitor progress and determine 
whether problems or delays occur in performing system investigation. The 
group also prepares a budget to complete the investigation, including any 
travel required and funds necessary to cover the use of any outside resources 
or consultants. 
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Perform Investigation 

The major tasks to perform during investigation include refining the initial 
problem definition and scope described in the system investigation request, 
identifying the high-level business requirements the system must meet, and 
identifying any issues or risks associated with the project. 


Joint Application Development 


joint application development Joint application development (JAD) is a structured meeting process that 
(JAD): A structured meeting process can accelerate and improve the efficiency and effectiveness of not only the 
that canAcoelerate ang prove tiie investigation phase but also the analysis and design phases of a system devel- 
efficiency and effectiveness of the ; : z : : 
investigation, analysis, and design opment project. JAD involves carefully planned and designed meetings in 
phases of a system development which users, stakeholders, and IS professionals work together to analyze exist- 
project. ing systems, define problems, identify solution requirements, and propose and 
evaluate possible solutions, including costs and benefits. See Figure 13.4. The 
JAD process has proven to be extremely effective and efficient at accomplish- 
ing these tasks. In addition, the highly participative nature of the sessions goes 
a long way to helping ensure stakeholders and users buy into the results. With 
technology such as group decision support systems and video conferencing, it 
is possible to conduct effective live JAD sessions with people located in many 
different places without the need for expensive travel. 


ESB Professional/Shutterstock.com 


FIGURE 13.4 
JAD session 
JAD can accelerate and improve the efficiency and effectiveness of the investigation, 
analysis, and design phases of a system development project. 


The success or failure of a JAD session depends on how well the JAD facilitator 
plans and manages the session. It is not unusual for the facilitator to spend three 
hours planning and preparing for the JAD session for each hour the JAD session 
lasts. In addition, the participants of a JAD session must be carefully chosen to 
include users of the system as well as people from other areas who will likely be 
affected by, provide input for, or receive output from the system. Ideally, people 
from the operational level as well as the executive level will attend. Table 13.4 
identifies the JAD session participants as well as their role and qualifications. 
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Role Responsibilities Qualifications 
Facilitator e Determine JAD session objective e Excellent meeting facilitator 
e Plan JAD session to meet objectives è Unbiased and does not take sides 
© Lead JAD session 
e Encourage everyone to participate 
Decision makers © Resolve conflicts e Stakeholders selected by project sponsor to 
e Avoid gridlock make decisions 
e Have the authority and willingness to make 
decisions 
Users © Describe business as it is and as it Represent all major areas affected 
should be e Expert in their area of the business 
© Provide business expertise 
e Define problems, identify potential 
benefits, analyze existing system, 
define requirements of a new system, 
and propose and evaluate possible 
solutions 
System developers @ Observe carefully © Member of system development team 
© Offer technical opinion on cost or 
feasibility, if requested 
© Gain deep understanding of customers’ 
needs and desires 
Scribe e Participate in discussion to clarify points Excellent listening skills 
and capture them accurately e Experience in using software engineering 
© Document key points, issues, next tools to document requirements and create 
steps, and decisions throughout the JAD system models 
session 
e 


Publish results of JAD session and solicit 
feedback 


functional decomposition: A 
technique that involves breaking down 
complex problems or systems into 
smaller parts, making them easier to 
manage and understand. 


The consulting firm Pierson Requirements Group uses JAD in working with 
its clients on a routine basis to provide business analysis solutions and process 
improvement training.” 


Functional Decomposition 

Functional decomposition is a technique that involves breaking down a com- 
plex problem or system into smaller parts that are more manageable and easier 
to understand. It is frequently used during the investigation phase to define the 
business processes included within the scope of the system. Recall that a pro- 
cess is a set of logically related tasks performed to achieve a defined outcome. 
A process is usually initiated in response to a specific event and requires input 
that it processes to create output. Often, feedback is generated that is used to 
monitor and refine the process. 

To create a functional decomposition chart (see Figure 13.5), begin with 
the name of the system and then identify the highest-level processes to be 
performed. Each process should have a two word “verb-subject” name that 
clearly defines the process. Next, break those high-level processes down 
into lower-level subprocesses. For the system investigation phase, two or 
three levels of decomposition are usually sufficient to define the scope of 
the system. 
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Manage 
suppliers 


FIGURE 13.5 
Functional decomposition chart 
Functional decomposition is used to define the scope of the system. 


feasibility analysis: An 
assessment of the technical, 
economic, legal, operational, and 
schedule feasibility of a project. 


technical feasibility: The process 
of determining whether a project is 
feasible within the current limits of 
available technology. 


economic feasibility: The 
process of determining whether the 
project makes financial sense and 
whether predicted benefits offset the 
cost and time needed to obtain them. 


Perform Preliminary Feasibility Analysis 

The technical, economic, legal, operational, and schedule feasibility are assessed 
during the feasibility analysis, which is only a preliminary analysis that will 
be repeated with more accuracy during the analysis and design phases, when 
more details about the system and its requirements are known. 

Technical feasibility examines whether a project is feasible within the 
current limits of available technology. Determining the technical feasibility is 
critical when new technology is first being considered for use within an orga- 
nization, prior to its widespread use. The agriculture industry is looking at 
ways to combat high labor costs by using sensors to obtain data on the specific 
nutrient compounds required by crops throughout the growing season and 
then employing robots and drones to apply the required nutrients only where 
needed. The farmers and the technology companies they are working with are 
looking at the technical (and economic) feasibility studies to determine that 
best way to leverage precision ag technology.’ 

Economic feasibility determines whether the expected benefits associated 
with the project outweigh the expected costs sufficiently to make the project 
financially attractive. Cost and benefit estimates should be made for multiple 
years to allow for calculation of the internal rate of return or net present value 
of the project. It is important to recognize that at this early stage of the devel- 
opment process, the cost and benefit amounts are rough estimates and subject 
to change should the project continue. So, while the mathematics involved may 
make it appear that the results are precise, the result is no more accurate than 
cash flow estimates, which are often no more than refined guesses. Table 13.5 
lists some of the typical costs and benefits that need to be considered. 


TABLE 13.5 Cost/benefit table 


Costs 


Year 1 Year 2 Year... Year N 


Costs to analyze, design, construct, integrate and test, and 


implement system 
Employees 
Vendor 


Software customization 
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Costs Year 1 Year 2 Year... Year N 
Travel 
Hardware costs 
Software tools costs 
Other costs 
Initial costs to establish system 
Software license fees 
New hardware costs 
Cost to upgrade existing hardware 
Cost to upgrade network 
User training 
Purchase of any necessary data 
Cost to migrate existing data to new system 
Other costs 
Ongoing operations costs 
Software lease or rental fees 
Hardware lease or rental fees 
Network usage fees 
System operations and support staff 
User training 
Increased electric and other utilities 
Costs associated with disaster recovery 
Other costs 
Tangible benefits (can be quantified in dollars) 
Reduction in current costs 
Reduction in current staff 
Reduction in inventory levels 
Reduction in computer hardware costs 
Reduction in software costs 
Other reduced costs 
Increase in revenue 
Increase in sales from reaching new customers 
Increase in sales from charging more 
Acceleration in cash flow 
Other increases in revenue 
Intangible benefits (difficult to quantify in dollars) 
Improved customer service 


Improved employee morale 
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legal feasibility: The process 
of determining whether laws or 
regulations may prevent or limit a 
system development project. 


operational feasibility: The 
process of determining how a system 
will be accepted by people and 

how well it will meet various system 
performance expectations. 


schedule feasibility: The process 
of determining whether the project can 
be completed within a desired time 
frame. 


system investigation report: A 
summary of the results of the system 
investigation, with a recommendation 
of a course of action. 


Organizations must guard against spending more than is appropriate as 
the success or failure of a system development effort will, at least to some 
degree, be measured against meeting the project budget. Systems projects can 
fail for many reasons but going over budget is one reason that can costs com- 
panies time and reputation. One project that was recorded as a failure was the 
electronic health record system for the U.S. Coast Guard. The project began 
in September 2010 and ended in September 2015. The Coast Guard officially 
terminated the project in April 2016. After two years of reviewing the project, 
a House subcommittee hearing revealed that a lack of management oversight 
allowed the project to exist with “poor or non-existent system development, 
management, and governance practices over the duration.” This failed project 
has accumulated a total price of over $67 million dollars, excluding the cost 
of personnel. 

Legal feasibility is the process of determining whether laws or regulations 
may prevent or limit a system development project. Legal feasibility involves 
an analysis of existing and future laws to determine the likelihood of legal 
action against the system development project and the possible consequences 
of such action. For example, nearly every country in Europe and many in Latin 
America, Asia, and Africa have implemented data protection laws that prohibit 
the disclosure or misuse of information held on private individuals. These 
laws make it possible for the human resources departments of multinational 
companies to share personal employee data across country borders only in 
limited circumstances. 

Operational feasibility is the process of determining how a system 
will be accepted by people and how well it will meet various system per- 
formance expectations. Assessing the operational feasibility of a project 
includes taking into consideration people issues, such as overcoming 
employee resistance to change, gaining managerial support for the system, 
providing sufficient motivation and training, and rationalizing any conflicts 
with organizational norms and policies. In other words, if the system is 
developed, will it be used? Operational feasibility also takes into account 
the need to meet certain system performance requirements (e.g., response 
time for frequent online transactions, number of concurrent users it must 
support, reliability, and ease of use) that are considered important to system 
users and stakeholders. 

Schedule feasibility is the process of determining whether a project can 
be completed within a desired time frame. This process involves balancing the 
time and resource requirements of the project with other projects. For exam- 
ple, many projects that involve delivering a new financial information system 
have a desired start-up date at the beginning of the organization’s fiscal year. 
Unfortunately, it is not always possible to meet this date, and so a compromise 
must be made—deliver part of the system at the start of the fiscal year or wait 
another year to deliver the full system. 


Prepare Draft of Investigation Report 

The system investigation ends with production of a system investigation 
report that summarizes the results of the system investigation and recommends 
a course of action: continue on to system analysis, modify the project in some 
manner and perhaps repeat the system investigation, or drop the project alto- 
gether. See Figure 13.6. A typical table of contents for a system investigation 
report is shown in Figure 13.7. 
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FIGURE 13.6 Redefine project and Continue 


System investigation pepo investigation 


recommendation es 
The system investigation report 

summarizes the results of the sys- 

tem investigation and recommends i 


a course of action. ~ Drop project 


Lá 


© Stuart Miles/Shutterstock.com 


Systems Investigation Report 
Table of Contents 


EXECUTIVE SUMMARY 
DESCRIPTION OF OPPORTUNITY 


PROJECT SCOPE 
BUSINESS REQUIREMENTS 
ISSUES AND CONSTRAINTS 
FEASIBILITY ANALYSIS 
RECOMMENDATION 

NEXT STEPS 


FIGURE 13.7 
Table of contents for a system investigation report 
A typical system investigation report begins with an executive summary and ends with a list of 
next steps. 


Review Results of Investigation with Steering Team 

The system investigation report is reviewed with the steering team to gain their 
input and counsel. Typically, the written report is shared in advance and then 
the project manager and selected members of the team meet with the steering 
team to present their recommendations. 

After the project review, the steering team might agree with the recom- 
mendations of the system development team, or it might suggest a change 
in project focus to concentrate more directly on meeting a specific company 
objective. Another alternative is that everyone might decide that the project is 
not feasible and thus cancel the effort. This input is used to finalize the system 
investigation report. 
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system analysis: The phase of 
system development that focuses on 
gathering data on the existing system, 
determining the requirements for the 
new system, considering alternatives 
within identified constraints, and 
investigating the feasibility of 
alternative solutions. 


System Analysis 


After a project has completed the investigation phase and been approved for 
further study, the next step is to answer the question, “What must the infor- 
mation system do to solve the problem or capitalize on the opportunity?” The 
overall emphasis of the system analysis is on gathering data on the existing 
system, determining the requirements for the new system, considering alterna- 
tives within identified constraints, and investigating the feasibility of alternative 
solutions. The primary outcome of system analysis is a prioritized list of system 
requirements and a recommendation of how to proceed with the project. The 
steps in the system analysis phase are outlined next and discussed in the fol- 
lowing pages. Note that many of the steps were also performed during system 
investigation: 


Identify and recruit team leader and team members. 
Develop budget and schedule for system analysis activities. 
Study existing system. 

Develop prioritized set of requirements. 

Identify and evaluate alternative solutions. 

Perform feasibility analysis. 

Prepare draft of system analysis report. 

Review results of system analysis with steering team. 


ANAYWR WN = 


The Los Angeles Police Department (LAPD) is comprised of over 9000 
officers and serves 3.9 million residents spread across the 485-square miles 
of the city of Los Angeles. The LAPD conducted a system analysis to define 
the requirements for a Use of Force System (UOFS) to monitor officer per- 
formance and behavior. The UOFS collects information about each use of 
force incident including suspect, officer, and witness data. The application 
applies a series of business rules that trigger a review and investigation into 
the use of force by appropriate parties, often by multiple levels of LAPD 
management.” 


Identify and Recruit Team Leader and Team Members 


In many cases, there is some personnel turnover when a project moves from 
the system investigation phase to the system analysis phase. Some project 
team members may no longer be available to participate in the project, and 
new members with a different set of skills and knowledge may be required. 
So, the first step in system analysis is to identify and recruit the team leader 
and members. Ideally, some members of the original investigation team will 
participate in the system analysis to provide project continuity. 


Develop Budget and Schedule for System Analysis Activities 

After the participants in the system analysis phase are determined, the team 
develops a list of specific objectives and activities required to complete the 
system analysis. The team also establishes a schedule—complete with major 
milestones to track project progress. The group also prepares a budget of the 
resources required to complete the system analysis, including any required 
travel expenses as well as funds to cover the use of outside resources. 


Study Existing System 

The purpose of studying the system is to identify the strengths and weaknesses 
of the existing system and examine current inputs, outputs, processes, security 
and controls, and system performance. While analysis of the existing system 
is important to understanding the current situation, the study team must rec- 
ognize that after a point of diminishing returns, further study of the existing 
system will fail to yield additional useful information. 
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Internal and external sources 
of data for system analysis 
JAD sessions, direct observation, 
and surveys are often used to 
uncover data from the various 
sources. 
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Many useful sources of information about the existing system are available, 


as shown in Figure 13.8. JAD sessions, direct observation with one or more 
members of the analysis team directly observing the existing system in action, 
and surveys are often used to uncover pertinent information from the various 
sources. 


Internal External 
Sources Sources 


Users, stakeholders, Customers 
and managers 


Suppliers 
Organization 


charts Stockholders 


Forms and Government 
documents agencies 


Procedure manuals Competitors 
and policies 


Outside groups 
Financial 


reports Journals, etc. 


IS manuals Consultants 


Other measures of 
business process 


Develop Prioritized Set of Requirements 


The purpose of this step is to determine user, stakeholder, and organizational 
needs for the new or modified system. A set of requirements must be determined 
for system processes (including inputs, processing, outputs, and feedback), 
databases, security and controls, and system performance. See Figure 13.9. As 
requirements are identified, an attempt is made to prioritize each one by using 
the following categories: 


Critical. Almost all users agree that the system is simply not acceptable 
unless it performs this function or provides this capability. Lack of a criti- 
cal feature or capability would cause users to call a halt to the project. 
High priority. Most users have a list of high-priority items that they feel 
are must-have requirements, even if they are not critical. Although such 
items would not stop the project from moving forward, they are iden- 
tified as requirements for which there is no workaround. These are the 
items that the development team should focus on first in the list of proj- 
ect details. 

Medium priority. Most users agree that although their work will be 
somewhat impaired, the system will still be effective without features or 
capabilities identified as medium priority. Some users may argue strongly 
for this feature or capability, but in the end, would want the project to 
continue even without this capability. 

Low priority. Most users agree that their ability to use the system to 
accomplish their work will only be minimally impaired by lack of a 
low-priority feature or capability, although it would be “nice to have.” 
Almost no user argues strongly for this feature or capability. 
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FIGURE 13.9 


Defining system requirements 


System requirements must be 
checked for consistency so that 
they all fit together. 


data-flow diagram (DFD): A 
diagram used during both the analysis 
and design phases to document the 
processes of the current system or to 
provide a model of a proposed new 
system. 


Processes 


zentilia/Shutterstock.com 


Identifying, confirming, and prioritizing system requirements is perhaps 
the single most critical step in the entire Waterfall system development pro- 
cess because failure to identify a requirement or an incorrect definition of a 
requirement may not be discovered until much later in the project, causing 
much rework, additional costs, and delay in the system effort. 

The use of JAD sessions with a cross section of users and stakeholders 
in the project is an effective way to define system requirements. A technique 
often used in a JAD session is to ask managers and decision makers to list only 
the factors that are critical to the success of their areas of the organization. A 
critical success factor (CSF) for a production manager might be adequate raw 
materials from suppliers, while a CSF for a sales representative could be a list of 
customers currently buying a certain type of product. Starting from these CSFs, 
the processes, databases, security and control, and performance requirements 
associated with each CSF can be identified. 


Processes 


The functional decomposition performed during the investigation phase iden- 
tifies most of the processes to be included within the scope of a new system. 
Now, to avoid project delays, the processes must be further defined so that 
they will be practical, efficient, economical, accurate, and timely. In addition, 
the individuals or organizations responsible for completing each step in the 
process must be identified. 

A process requires input that it uses to create output. Often, feedback is gen- 
erated. The questions that need to be answered during system analysis are “What 
data entities are required, where will this data come from, what methods will be 
used to collect and enter the data, who is responsible for data input, and what edits 
should be performed on the input data to ensure that it is accurate and complete?” 
Another important consideration is the creation of an audit trail that records the 
source of each data item, when it entered the system, and who entered it. The audit 
trail may also need to capture when the data is accessed or changed and by whom. 

Because the success of a new system is highly dependent upon the accept- 
ability of its output, the identification of common system outputs—such as 
printed reports, screens, and files—is critical to developing a complete set of 
system requirements. 


Data-Flow Diagram 


A data-flow diagram (DFD) is a diagram used during both the analysis and 
design phases to document the processes of the current system or to provide a 
model of a proposed new system. A DFD shows not only the various processes 
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within the system but also where the data needed for each process comes from, 
where the output of each process will be sent, and what data will be stored 
and where. The DFD does not provide any information about the process tim- 
ing (e.g., whether the various processes happen in sequence or are parallel). 

DFDs are easy to develop and are easily understood by nontechnical peo- 
ple. Data-flow diagrams use four primary symbols: 


e The data-flow line includes arrows that show the direction of data movement. 

e The process symbol identifies the function being performed (e.g., check 
status, issue status message). 

e The entity symbol shows either the source or destination of the data 
(e.g., customer, warehouse). 

e A data store symbol reveals a storage location for data (e.g., pending 
orders, accounts receivable). 


Figure 13.10 shows a level 1 DFD. Each of the processes shown in this 
diagram could be documented in more detail to show the subprocesses and 
create a level 2 DFD. Frequently, level 3 DFD diagrams are created and used 
in the analysis and design phases. 


Order In-stock request | WAREHOUSE 
À 
Status 
message 
Shipping 
Status data ™ 


Shipping 2.0 


confirmation 


Issue 
status 
messages 


Order data 


Payment 


Invoice Order data 


Accounting data Accounts receivable data 


Produce 
reports 


Inventory 
reports 


ACCOUNTING 


FIGURE 13.10 
Data-flow diagram 


A data-flow diagram documents the processes of the current system or provides a model of a 
proposed new system. 
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Entity-relationship (ER) 
diagram for a customer order 
database 

Development of ER diagrams helps 
ensure that the logical structure of 
application programs is consistent 
with the data relationships in the 
database. 


Databases 


Data modeling is the process of defining the databases that a system will draw 
data from as well as any new databases that it will create. The use of entity- 
relationship (ER) diagrams is one technique that is frequently used for this critical 
step. An ER diagram is used to show logical relationships among data entities, 
such as in Figure 13.11. An ER diagram (or any other modeling tool) cannot by 
itself fully describe a business problem or solution because it lacks descriptions of 
the related activities. It is, however, a good place to start because it describes entity 
types and attributes about which data might need to be collected for processing. 


Salesperson 


Serves 


ZN 


Customer 


Places 


Includes N Specifies 


Product 


Generates 


Invoice 


Security and Control 


Security and control considerations need to be an integral part of the entire 
system development process. Unfortunately, they are often treated as an after- 
thought—only addressed after system requirements have been defined and 
system design is well underway. This approach usually leads to problems that 
become security vulnerabilities, which can cause major security breaches result- 
ing in significant legal and system modification expenses. A more effective 
and less costly approach is to define security and control requirements when 
other system requirements are being identified. The following list provides 
examples of areas for which security and control requirements might need to 
be defined:* 


e Access controls, including controls to authenticate and permit access only 
to authorized individuals 

e Encryption of electronic customer information, including while in transit 
or in storage on networks or systems to which unauthorized individuals 
may have access 

e Dual control procedures, segregation of duties, and employee back- 
ground checks for employees with responsibilities for or access to cus- 
tomer, employee, or organization-sensitive information 

e Monitoring systems and procedures to detect actual and attempted 
attacks on or intrusions into information systems 

e Measures to protect against destruction, loss, or damage of customer, 
employee, or organization-sensitive data due to potential environmental 
hazards, such as fire and water damage, technological failures, or disas- 
ters such as hurricanes and terrorism 

e Business resumption procedures to get the system up and running with 
no major business disruption and with no loss of data in the event of a 
disaster (e.g., fire, hurricane, terrorism) 
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Context for new system 
security and control 
requirements 

New system security and control 
requirements must be developed 
within the organization’s existing 
policies, standards, and guidelines. 
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People with a special interest in security and control include the organi- 
zation’s internal auditors and members of senior management. They should 
provide input and advice during the system analysis and design phases. 

System security and control requirements need to be defined in the context 
of the organization’s existing policies, standards, and guidelines. See Figure 13.12. 
For example, the Gramm-Leach-Bliley Act requires companies legally defined 
as financial institutions to ensure the security and confidentiality of customer 
information. Thus, financial institutions have established policies, standards, and 
guidelines to which any new information system must adhere. 


e Corporate policies that define what 
actions to take and why 


e Baseline requirements 
that must be met by 
information systems 


Standards 


e Best practices to 
implement a security 
measure 


Guidelines 


e Descriptions of 
what to implement 
for this system 


New system requirements 


System Performance 


How well a system performs can be measured through its performance require- 
ments. Failure to meet these system performance requirements results in unpro- 
ductive workers, dissatisfied customers, and missed opportunities to deliver 
outstanding business results. System performance is usually determined by 
factors such as the following: 


e Timeliness of output. Is the system generating output in time to meet 
organizational goals and operational objectives? After GEICO began 
advertising that consumers could save 15 percent on auto insurance in 
just 15 minutes, speed became a key factor for many people when select- 
ing an insurance company. Nationwide touts its online tool as the fastest 
path to a quick car insurance quote, and The General insurance company 
boasts, “Give us two minutes and we’ll give you an auto insurance quote.” 

e Ease of use. Developing applications that managers and employees can 
easily learn and use is essential to ensure that people will work with the 
applications productively. 

e Scalability. A scalable information system can handle business growth and 
increased business volume without a noticeable degradation in performance. 

e System response time. The average response time for frequent online 
transactions is a key factor in determining worker productivity and cus- 
tomer service. 

e Availability. Availability measures the hours per month the system is 
scheduled to be available for use. Systems typically must be unavailable 
a few hours a week to allow for software upgrades and maintenance. 

e Reliability. Reliability measures the hours the system is available for 
use divided by the hours the system is scheduled to be available and is 
expressed as a percentage. Worker productivity decreases and customer 
dissatisfaction increases as system reliability decreases. 
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Pareto principle: An observation 
that for many events, roughly 80 
percent of the effects come from 20 
percent of the causes. 


Identify and Evaluate Alternative Solutions 


The analysis team must think creatively and consider several system solution 
options. By looking at the problem in new or different ways, questioning cur- 
rent assumptions and the way things are done today, and removing constraints 
and barriers, the team is free to identify highly creative and effective infor- 
mation system solutions. Such critical analysis requires unbiased and careful 
questioning of whether system elements are related in the most effective ways, 
considering new or different relationships among system elements, and pos- 
sibly introducing new elements into the system. Critical analysis also involves 
challenging users about their needs and determining which are truly critical 
requirements rather than “nice to have” features. 

The Pareto principle (also known as the 80-20 rule) is a rule of thumb 
used in business that helps people focus on the vital 20 percent that generate 
80 percent of the results. This principle means that 80 percent of the desired 
system benefits can be achieved by implementing 20 percent of the system 
requirements. An 80-20 option will have a low cost and quick completion 
schedule relative to other potential options. However, this option may not be an 
ideal solution and may not even be acceptable to the users, stakeholders, and 
the steering team who may be expecting more. Additional candidate solutions 
can be defined that implement all or most of the critical priority system require- 
ments and team-selected subsets of the medium and low-priority requirements. 
Table 13.6 illustrates some of the many potential candidates the analysis team 
may want to evaluate. 


TABLE 13.6 Additional candidates for system analysis 


Customize 
Software 
Scope of System Build System Package 
Build system that meets all critical require- Option #1 
ments, but no medium or low priority 
requirements 
Modify package so that it meets all critical Option #2 
requirements, but no medium or low priority 
requirements 
Build system that meets 20 percent of all Option #3 


requirements that will provide 80 percent of 
the system benefits 


Modify package so that it meets 20 percent of Option #4 
all requirements that will provide 80 percent of 
the system benefits 


Implement software package as is, with no Option #5 
customization to enable it to meet unique 
requirements 


Perform Feasibility Analysis 


At this stage in the system development process, the project team has identified 
several promising solutions based on implementing all or most of the critical 
requirements and various subsets of the medium and low-priority requirements. 
The feasibility analysis conducted during the investigation phase is repeated 
for each of the candidate solutions the team wants to consider. At this stage, 
the analysis can be more in-depth because more is known about the system 
and its requirements, as well as the costs and benefits of the various options. 
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FIGURE 13.13 


Typical table of contents for a 


report on an existing system 
The system analysis report is a 
more detailed version of the system 
investigation report. 


system design: The stage of 
system development that answers the 
question, “How will the information 
system solve a problem?” 
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Prepare Draft of System Analysis Report 


System analysis concludes with a formal system analysis report summarizing 
the findings of this phase of the project. The table of contents for a typical 
system analysis report is shown in Figure 13.13. This report is a more detailed 
version of the system investigation report. At this phase of the project, the costs 
and benefits of the project should be fairly accurate, certainly more accurate 
than at the end of the investigation phase. 


Systems Analysis Report 
Table of Contents 


EXECUTIVE SUMMARY 
DESCRIPTION OF OPPORTUNITY 


Œ = PROJECT SCOPE 
BUSINESS REQUIREMENTS 
ISSUES AND CONSTRAINTS 
SUMMARY OF ALTERNATIVES CONSIDERED 


FEASIBILITY ANALYSIS 
RECOMMENDATION 


NEXT STEPS 


Review Results of System Analysis with Steering Team 


The system analysis report is presented to the project steering team with a 
recommendation to stop, revise, or go forward with the system development 
project. Following the steering team meeting, the project team incorporates the 
recommendations and suggested changes into the final report. It is not unusual 
for changes to the project scope, budget, benefits, or schedule to be requested 
based on the findings from the analysis phase. However, the project sponsor 
and the steering team must request and formally approve of any changes. 


System Design 


The purpose of system design phase is to answer the question, “How will 
the information system solve this problem?” The primary result of the system 
design phase is a technical design that details system outputs, inputs, controls, 
and user interfaces; specifies hardware, software, databases, telecommunica- 
tions, personnel, and procedures; and shows how these components are inter- 
related. In other words, system design creates a complete set of technical 
specifications that can be used to construct the information system. The steps 
in the system design phase are outlined next and discussed in the following 
pages. Again, note that many of the steps were performed in the investigation 
and system analysis phase but are now repeated with more current and com- 
plete information. 


Identify and recruit team leader and team members. 
Develop schedule and budget for system design activities. 
Design user interface. 

Design system security and controls. 

Design disaster recovery plan. 

Design database. 

Perform feasibility analysis. 

Prepare draft of system design report. 

Review results of system design with steering team. 


CS RNAYWRWN 
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Identify and Recruit Team Leader and Team Members 


Because some personnel turnover is likely when moving from the system analy- 
sis phase to the system design phase, the first step in system design is to identify 
and recruit the team leader and members. Ideally, some members of the system 
analysis team will participate in the system design to ensure project continuity. 


Develop Schedule and Budget for System Design Activities 

The system design team begins by developing a list of specific objectives and 
activities required to complete the system design phase. It also establishes a 
schedule complete with major milestones to track project progress. Some tasks 
may involve working with the steering team to resolve issues and questions 
raised during the review of the system analysis phase. The group also prepares 
a budget for completing the system design, including any required travel costs 
and funds to cover the use of outside resources. 


Design User Interface 


How users experience an information system determines whether the system 
will be accepted and used. In speaking about the importance of user interface 
design for Apple software products, Jef Raskin, an interface expert, once said, 
“As far as the customer is concerned, the interface is the product.”!” 

User interface design integrates concepts and methods from computer sci- 
ence, graphics design, and psychology to build interfaces that are accessible, 
easy to use, and efficient. Over the years, various authors have identified user 
interface design principles, including those listed in Table 13.7.'* 1? 


TABLE 13.7 Principles of good user interface design 


Principle How To Apply 


Strive for Consistent sequences of actions should be required in similar situations; identical terminology 

consistency should be used in prompts, menus, and help screens; and consistent commands should be 
employed throughout. 

Offer informative For every user action, there should be some system feedback. For frequent and minor actions, 

feedback the response can be modest, while for infrequent and major actions, the response should be 
more substantial. 

Offer simple error As much as possible, design the system so the user cannot make a serious error. If an error is 

handling made, the system should be able to detect the error and offer simple, comprehensible instruc- 
tions for handling the error. 

One primary action Every screen should support a single action of real value to the user. 

per screen 

Provide progressive Show only what is necessary on each screen. If the user is making a choice, show enough 

disclosure information to allow the user to choose, and then display details on a subsequent screen. 

Strive for aesthetic The graphic design elements used in an interface should be simple and clean, pleasant to 

integrity look at, and easy to understand. 


User interface design must consider several components. Most systems 
provide a sign-on procedure that requires identification numbers, passwords, 
and other safeguards to improve security and prevent unauthorized use. With 
a menu-driven system, users select what they want to do from a list of alter- 
natives. Most people can easily operate these types of systems. In addition, 
many designers incorporate a help feature into the system or program. When 
users want to know more about a program or software feature or what type 
of response is expected, they can activate the help feature. Systems often 
use lookup tables to simplify and shorten data entry. For example, if you are 
entering a sales order for a company, you can type its abbreviation, such as 
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User interface design 

Analysts can develop screen mock- 
ups and simulate how the user 
moves from screen to screen. 
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ABCO. The program searches the customer table, normally stored on a disk, 
the Internet, or other storage device, and looks up the information you need 
to complete the sales order for the company abbreviated as ABCO. 

Using screen painter software, an analyst can efficiently design the features, 
layout, and format of the user interface screens. See Figure 13.14. Several screens 
can be linked together to simulate how the user can move from screen to screen 
to accomplish tasks. Conducting an interactive screen design session with a few 
users at a time is an effective process for defining the system user interface. 


Africa Studio/Shutterstock.com 


Design System Security and Controls 

The system analysis phase identified areas where system security and controls 
need to be defined. During the design phase, designers must develop specific 
system security and controls for all aspects of the information system, including 
hardware, software, database systems, telecommunications, and Internet opera- 
tions, as shown in Table 13.8. Security considerations involve error prevention, 
detection, and correction; disaster planning and recovery; and systems controls. 
The goal is to ensure secure systems without burdening users with too many 
identification numbers and passwords for different applications. 


TABLE 13.8 Using systems controls to enhance security 


Controls Description 


Input controls Maintain input integrity and security; their purpose is to reduce errors while protecting the com- 
puter system against improper or fraudulent input. Input controls range from using standardized 
input forms to eliminate data-entry errors and using tight password and identification controls. 


Processing Deal with all aspects of processing and storage; the use of passwords and identification numbers, 
controls backup copies of data, and storage rooms that have tight security systems are examples of process- 
ing and storage controls. 


Output controls Ensure that output is handled correctly; in many cases, output generated from the computer system 
is recorded in a file that indicates the reports and documents that were generated, the time they 
were generated, and their final destinations. 


Database Deal with ensuring an efficient and effective database system; these controls include the use of 

controls identification numbers and passwords, without which a user is denied access to certain data and 
information. Many of these controls are provided by database management systems. 

Telecommunica- Provide accurate and reliable data and information transfer among systems; telecommunications 

tions controls controls include firewalls and encryption to ensure correct communication while eliminating the 
potential for fraud and crime. 

Personnel Ensure that only authorized personnel have access to certain systems to help prevent computer-related 

controls mistakes and crime; personnel controls can involve the use of identification numbers and passwords 


that allow only certain people access to data. ID badges and other security devices (such as smart 
cards) can prevent unauthorized people from entering strategic areas in the information systems facility. 
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disaster recovery plan: A 
documented process to recover an 
organization's business information 
system assets including hardware, 
software, data, networks, and facilities 
in the event of a disaster. 


mission-critical process: A 
process that plays a pivotal role in an 
organization’s continued operations 
and goal attainment. 


hot site: A duplicate, operational 
hardware system that is ready for use 
(or immediate access to one through a 
specialized vendor). 


After the controls are developed, they should be documented in standards 
manuals that indicate how to implement the controls. The controls should then 
be implemented and frequently reviewed. It is common practice to measure 
how often control techniques are used and to take action if the controls have 
not been implemented. Organizations often have compliance departments to 
make sure the IS department is adhering to its systems controls along with all 
local, state, and federal laws and regulations. 


Design Disaster Recovery Plan 


A disaster recovery plan is a documented process to recover an organiza- 
tion’s business information system assets including hardware, software, data, 
networks, and facilities in the event of a disaster. It is a component of the orga- 
nization’s overall business continuity plan, which also includes an occupant 
emergency plan, a continuity of operations plan, and an incident management 
plan. A disaster recovery plan focuses on technology recovery and identifies 
the people or the teams responsible for taking action in the event of a disaster, 
what exactly these people will do when a disaster strikes, and the information 
system resources required to support critical business processes. 

Disasters can be natural or manmade, as shown in Table 13.9. In perform- 
ing disaster recovery planning, organizations should think in terms of not being 
able to gain access to their normal place of business for an extended period, 
possibly up to several months. 


TABLE 13.9 Various disasters can disrupt business operations 


Intentional 


Man-Made 
Disaster Accidental Man-Made Disasters Natural Disasters 


Sabotage Auto accident knocks down power lines to Flood 
a data center 


Terrorism Backhoe digs up a telecommunications line Tsunami 
Civil unrest Operator error Hurricane/cyclone 
Fire Earthquake 


Volcanic eruption 


As part of defining the business continuity plan, organizations conduct 
a business impact analysis to identify critical business processes and the 
resources that support them. The recovery time for an information system 
resource should match the recovery time objective for the most critical busi- 
ness processes that depend on that resource. Some business processes are 
more pivotal to continued operations and goal attainment than others. These 
processes are called mission-critical processes. An order-processing system, 
for example, is usually considered mission-critical. Without it, the sales organi- 
zation cannot continue its daily activities, which generate the cash flow needed 
to keep the business operating. 

For some companies, personnel backup can be critical. Without the right 
number of trained employees, the business process can’t function. For informa- 
tion system hardware, hot and cold sites can be used as backups. A duplicate, 
operational hardware system that is ready for use (or immediate access to 
one through a specialized vendor) is an example of a hot site. If the primary 
computer has problems, the hot site can be used immediately as a backup. 
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cold site: A computer environment 
that includes rooms, electrical service, 
telecommunications links, data storage 
devices, and the like. 


failover: A backup technique that 
involves automatically switching 
applications and programs to a 
redundant or replicated server, 
network, or database to prevent 
interruption of service. 
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However, the hot site must be situated so that it will not be affected by the 
same disaster. Another approach is to use a cold site, which is a computer 
environment that includes rooms, electrical service, telecommunications links, 
data storage devices, and similar equipment. If a primary computer has a prob- 
lem, backup computer hardware is brought into the cold site, and the complete 
system is made operational. 

Cloud computing has added another dimension to disaster recovery plan- 
ning. If your organization is hit by a disaster, information systems that are 
running on the cloud are likely to be operational and accessible by workers 
from anywhere they can access the Internet. Data is also stored safely and 
securely at the site of the cloud-computing service provider, which could be 
hundreds of miles from the organization. On the other hand, if the cloud ser- 
vice provider is hit by a disaster, it may cause a serious business disruption 
for your organization even if it is otherwise unaffected by a distant disaster. 
Thus, part of the evaluation of a cloud service provider must include analysis 
of the provider’s disaster recovery plans. Also keep in mind that state or federal 
regulations, such as HIPAA, may dictate certain conditions of cloud storage, 
so organizations should be aware of where the data storage facility is located 
before signing contracts. 

Files and databases can be protected by making a copy of all files and 
databases changed during the last few days or the last week, a technique called 
incremental backup. This approach to backup uses an image log, which is a 
separate file that contains only changes to applications or data. Whenever an 
application is run, an image log is created that contains all changes made to 
all files. If a problem occurs with a database, an old database with the last 
full backup of the data, along with the image log, can be used to re-create the 
current database. 

Organizations can also hire outside companies to help them perform disas- 
ter planning and recovery. EMC, for example, offers data backup in its Recov- 
erPoint product.” For individuals and some applications, backup copies of 
important files can be saved online. Failover is another approach to backup. 
When a server, network, or database fails or is no longer functioning properly, 
failover automatically switches applications and other programs to a redundant 
or replicated server, network, or database to prevent an interruption of service. 
SteelEye’s LifeKeeper and Continuous Application Availability by NeverFail are 
examples of failover software.’! ” Failover is especially important for applica- 
tions that must always be operational. 

With $21.6 billion in revenue in the first quarter of 2019, Wells Fargo is 
one of the largest financial institutions in the United States. In an average 
quarter, Wells Fargo takes in more than $1 trillion in deposits and services 
29 million digital customers—including more than 23 million who use the 
bank’s mobile applications.” In February of 2019, a failure at the bank’s 
Minnesota server facility caused a nationwide operations outage that lasted 
24 hours. Smoke in the facility triggered a fire suppression system, resulting 
in the shutdown of all the servers at that location. The backup system that 
should have engaged another facility to take over operations failed—causing 
Wells Fargo’s online and mobile banking systems, ATM network, card pro- 
cessing system, and call center to go offline. According to Doron Pinhas, 
the chief technology officer at Continuity Software, “What most likely hap- 
pened is that Wells did not pay enough attention and did not have enough 
controls and prior testing in place to get operations back up and running in 
an acceptable time frame.” In the wake of this massive outage, Wells Fargo 
should expect to face additional regulatory scrutiny of its disaster recovery 
plans in the future.” 
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Design Database 


The database provides a user view of data and makes it possible to add 
and modify data, store and retrieve data, manipulate the data, and gener- 
ate reports. One of the steps in designing a database involves “telling” the 
database management system (DBMS) the logical and physical structure of 
the data and the relationships among the data for each user. Recall that 
this description is called a schema, and it is entered into the DBMS using a 
data definition language. A data definition language (DDL) is a collection of 
instructions and commands that define and describe data and relationships 
in a specific database. 

Another important step in designing the database is to establish a data 
dictionary, a detailed description of all data used in the database. A data 
dictionary is valuable in maintaining an efficient database that stores reli- 
able information with no redundancy, and it makes it easy to modify the 
database when necessary. Data dictionaries also help computer and system 
programmers who require a detailed description of data elements stored 
in a database create the code to access the data. Adhering to the standards 
defined in the data dictionary also makes it easy to share data among 
various organizations without the need for extensive data scrubbing and 
translation. 


Perform Feasibility Analysis 


As a result of the work done during the design phase, the project team has 
a much better understanding of what it will take to build the system, how it 
will operate, and what benefits it can deliver. It is appropriate to reassess the 
technical, economic, legal, operational, and schedule feasibility based on these 
new learnings. 


Prepare Draft of System Design Report 


System design concludes with a formal system design report summarizing the 
findings of this phase of the project. Any changes from the system analysis find- 
ings are highlighted and explained. The table of contents for a typical system 
design report is shown in Figure 13.15. This report is a more detailed version 
of the system investigation report. 


Systems Design Report 
Table of Contents 


EXECUTIVE SUMMARY 
DESCRIPTION OF OPPORTUNITY 

== = PROJECT SCOPE 
BUSINESS REQUIREMENTS 
ISSUES AND CONSTRAINTS 
SUMMARY OF ALTERNATIVES CONSIDERED 
ALTERNATIVE RECOMMENDED 
FEASIBILITY ANALYSIS 
RECOMMENDATION 


NEXT STEPS 


FIGURE 13.15 
Typical table of contents for a system design report 
The system design report is a more detailed version of the system investigation report. 
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system construction: The phase 
of system development that converts 
the system design into an operational 
system by acquiring and installing 
hardware and software, coding and 
testing software programs, creating 
and loading data into databases, and 
performing initial program testing. 
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Review Results of System Design with Steering Team 

The system design report is presented to the project steering team with a 
recommendation to stop, revise, or go forward with the system development 
project. The steering team carefully reviews the recommendations because if 
the project is to proceed, considerable human and financial resources will be 
committed, and legally binding vendor contracts will be signed. Following the 
steering team meeting, the project team incorporates the recommendations and 
changes suggested into the final report. 

At the end of the design phase, organizations employing the Waterfall 
system development process freeze the scope and the user and business 
requirements. Any potential changes that are identified or suggested after 
this point must go through a formal scope change process. This process 
requires the organization to assess how the proposed changes affect the 
project feasibility, cost, and schedule. It may be necessary to rerun cost/ 
benefit analyses to ensure that the project is still financially viable. Next, 
the proposed changes are presented to the project steering team along with 
their associated costs and schedule impact. The steering team must approve 
the changes before the project team can begin work to incorporate them 
into the current design. Frequently, the steering team disapproves changes 
to ensure that the project is completed without exceeding the current budget 
and schedule. If the steering team approves the changes, however, the project 
team might need to repeat portions of the system analysis and design phases 
to incorporate the changes. 


Construction 


The system construction phase follows the completion of the system design 
phase when the project steering team approves of proceeding with the project. 
System construction converts the system design into an operational system by 
coding and testing software programs, creating and loading data into databases, 
and performing initial program testing. These steps are outlined next and are 
discussed in the following sections: 


1. Code software components 
2. Create and load data 
3. Perform unit testing 


Code Software Components 


Software code must be written according to defined design specifications so 
that the system meets user and business needs and operates in the manner 
the user expects. Most software development organizations use a variety of 
software tools to generate program source code that conforms to those specifi- 
cations. The following list includes a sampling of these types of software tools: 


e Some template-driven code generators can create source code auto- 
matically. CodeSmith Generator is an example of a template-driven 
code generator that automates the creation of common application 
source code for several languages (e.g., C#, Java, VB, PHP, ASP. 

NET, and SQL). The templates are designed to create typical types 
of business programs. Developers using CodeSmith Generator can 
modify a template or create a customized template to generate 
necessary code.” 

e Screen-painter programs are used to design new data-entry screens for 
software applications. This easy-to-use software allows developers to cre- 
ate screens by “painting” them and then using “dialogue boxes” to define 
the characteristics of the data that goes in each field. 
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technical documentation: 
Written details used by computer 
operators to execute the program and 
by analysts and programmers to solve 
problems or modify the program. 


user documentation: Written 
descriptions developed for people who 
use a program; in easy-to-understand 
language, it shows how the program 
can and should be used to meet the 
needs of its various users. 


e Menu-creation software allows users to develop and format menus with 
features such as color palettes, graphics characters, automatically gener- 
ated boxes, headings, and system variables. 

e Report generator software captures an image of a desired report and 
generates the code to produce that report based on the database 
and database schema you are using. In many cases, users can design and 
code reports with this software. 


DataLab Consulting is a leading financial firm in Uruguay whose main 
product is a credit card. As such, it must manage its data efficiently and effec- 
tively to maintain its customer base. In this highly competitive market, there 
was a need for rapid application development. DataLab turned to GeneXus, 
a multi-language development platform. GeneXus is a software generator 
that works on the Agile platform to create everything from the database to 
the end software product. GeneXus works with multiple environments, such 
as IBM, SQL, and Microsoft languages to allow for the rapid development 
needs of DataLab. DataLab used the GeneXus platform for the development 
of a data analysis system to track customer’s habits, history of payments and 
purchases, their preferences, and their portfolios. This has allowed Data- 
Lab to retain its customer base and maximize the turnover of its customers’ 
investments.”° 

An organization also needs useful software documentation to accompany 
the software code. Technical documentation includes written details that com- 
puter operators follow to execute the program and that analysts and program- 
mers use to solve problems or modify the program. Technical documentation 
explains the purpose of every major piece of computer code. It also identifies 
and describes key variables. 

User documentation is developed for the people who use the system. 
In easy-to-understand language, this type of documentation shows how the 
program can and should be used to perform user tasks. Linx Software pro- 
duces LinxCRM, a customer relationship management system. The company 
implemented special software to help it create high-quality user documentation 
including annotated screen shots from the system. Linx also created a video 
to help train users.” 


Create and Load Data 


This step of the construction phase involves making sure that all files and 
databases are populated and ready to be used with the new information sys- 
tem. Data for the initial loading of a new database may come from several 
sources—the old files or database of the system being replaced, from files of 
other systems used in the organization, or from data sources purchased from 
an outside organization. In any case, it may be necessary to write at least one 
new program to read the old data from these sources, reformat the data into 
a format compatible with the database design of the new system, and then 
merge these data sources together. Another program may be needed to edit 
the merged data for accuracy and completeness and to add new entities, attri- 
butes, and/or relationships. For example, if an organization is installing a new 
customer relationship management program, a program might need to read 
the old customer contact data and convert it a format that the new system 
can use. However, if the old customer contact data does not format or contain 
the same data, such as a separate “bill to” and “ship to” address for existing 
customers, this data may need to be added manually. The “bill to” address may 
be used to calculate to which of the organization’s sales regions the customer 
belongs for sales reporting and accounting purposes. For many project, con- 
siderable time and effort is expended in creating and loading a new database. 
See Figure 13.16. 
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FIGURE 13.16 
Database preparation tasks 
Creating and loading a new database can take considerable resources. 


Perform Unit Testing 


With the programs written and the database available, it is now possible for 
the developers to do initial testing of code components. This process is called 
unit testing: Testing of individual unit testing, which involves testing individual components of code (sub- 
components of code (subroutines, routines, modules, and programs) to verify that each unit performs as designed. 
modules, and programs) to verify that Unit testing is accomplished by developing test data that ideally will force an 
each unit performs as designed. METI 2 : z 
individual component to execute all its various functions and user features. In 
addition, each program is tested with abnormal input to determine how it will 
handle erroneous input. As testers find problems, they modify the programs to 
work correctly. A good set of unit tests can be saved and rerun each time any 
code is changed to quickly detect any new defects. 


Integration and Testing 


Several types of testing must be conducted before a new or modified informa- 
tion system is ready to be put into production. These tests are outlined next 
and discussed in the following sections: 


1. Integration testing 

2. System testing 

3. Volume testing 

4. User acceptance testing 
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integration testing: Testing 

that involves linking all the individual 
components together and testing them 
as a group to uncover any defects 

in the interfaces between individual 
components. 


system testing: Testing the 
complete, integrated system 
(hardware, software, databases, 
people, and procedures) to validate 
that the information system meets all 
specified requirements. 


volume testing: Testing to evaluate 
the performance of the information 
system under varying yet realistic 

work volume and operating conditions 
to determine the work load at which 
system performance begins to degrade 
and to identify and eliminate any 
issues that prevent the system from 
reaching its required service-level 
performance. 


user acceptance testing 
(UAT): Testing performed by trained 
system users to verify that the system 
can complete required tasks in a 
real-world operating environment 
and perform according to the system 
design specifications. 


Integration Testing 

Integration testing involves linking individual components together and test- 
ing them as a group to uncover any defects in the interface between one 
component and another (e.g., component 1 fails to pass a key parameter to 
component 2). Even if unit testing is successful, developers cannot assume that 
individual components can be combined into a working system. Unfortunately, 
one component that functions incorrectly can affect another component and, if 
these problems go undetected, they can cause serious trouble later. 


System Testing 

System testing involves testing the complete, integrated system (hardware, 
software, databases, people, and procedures) to validate that the information 
system meets all specified requirements. System testing is often done by inde- 
pendent testers who were not involved in developing program code. They 
attempt to make the system fail. They frequently employ testing called black 
box testing because it requires no specific knowledge of the application’s code 
and internal logic. In other words, the system tester is aware of what the soft- 
ware is supposed to do but is not aware of how it does it. 


Volume Testing 


Volume testing involves evaluating the performance of the information system 
under varying yet realistic work volume and operating conditions (e.g., data- 
base size, number of concurrent users, number of transactions, and number of 
queries). The goals of volume testing are to determine the work load at which 
systems performance begins to degrade and to identify and eliminate any issues 
that prevent the system from reaching its required system-level performance. 


User Acceptance Testing 


During user acceptance testing (UAT), trained users test the information 
system to verify that it can complete required tasks in a real-world operating 
environment and perform according to the system design specifications. UAT 
is also known as beta testing, application testing, and end-user testing. Unlike 
system testing, which ensures that the system itself works, UAT determines 
whether the system meets its intended business needs. 

UAT is a critical activity that must be completed successfully before newly 
developed software can be rolled out to the market. In the case of implement- 
ing a software package or software developed by an outside organization, 
the customer performs user acceptance testing before accepting transfer of 
ownership. UAT involves the following steps: 


1. The UAT test team is selected from the set of likely users. 

2. The UAT test team is trained using the currently available training material. 

3. The overall UAT strategy and schedule is defined. 

4. The UAT team designs test cases to exercise the functions and features 
of the information system. 

5. The test cases are documented in a clear and simple step-by-step man- 
ner to make the tests easy to execute. 

6. The UAT team executes the defined test cases and documents the 
results of each test. 

7. The software development team reviews the test results and makes 
any required changes to the code, so it meets the design specifications. 

8. The UAT team retests the information system until all defects have been 
fixed or it is agreed that certain defects will not be fixed. 

9. The UAT team indicates its acceptance or nonacceptance of the infor- 
mation system. If accepted, the information system is ready to be fully 
implemented. 

10. The UAT team provides feedback on the user training material so it can 
be updated and improved. 
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user acceptance document: A 
formal agreement that the organization 
signs stating that a phase of the 
installation or the complete system is 
approved. 
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Prior to releasing a new software package or a major revision of an exist- 
ing package, commercial software development organizations conduct alpha 
and beta testing. Alpha testing is a limited internal acceptance test where 
employees of the software development organization and a limited number of 
other “friendlies” use the software and provide feedback. After fixing problems 
uncovered in alpha testing, the developer makes a beta test version of the soft- 
ware available to potential users outside the organization. For example, Micro- 
soft might make a free beta test version of software available on the Internet 
to increase the amount of feedback it receives. 

Most software manufacturers and third-party software developers have a 
user acceptance document—a formal agreement the end user organization 
signs stating that a phase of the installation or the complete system is approved. 
This is a legal document that usually removes or reduces the IS vendor’s lia- 
bility for problems that occur after the user acceptance document has been 
signed. Because this document is so important, many companies get legal 
assistance before they sign it. Stakeholders can also be involved in acceptance 
testing to make sure that their benefits are indeed realized. 

Table 13.10 summarizes five types of testing: unit testing, integration test- 
ing, system testing, volume testing, and user acceptance testing. 


TABLE 13.10 Tests conducted on an information system 


Form of Test 


What Is Tested 


Purpose of Test Who Does It 


Unit Test individual units of the Verify that each unit performs Software developers 
system. as designed. 

Integration Test all the individual units of | Uncover any defects between Software developers or inde- 
the information system linked individual components of the pendent software testers, using 
together. information system. black box testing measures 

System Test the complete, integrated Validate that the information Independent test team, 
system (hardware, software, system meets all specified separate from the software 
databases, people, and requirements. development team 
procedures). 

Volume Evaluate the performance Determine the work load at System development team and 
of the information system which system performance members of the operations 
under realistic and varying begins to degrade and iden- organization 
work volume and operating tify and eliminate any issues 
conditions. that prevent the system from 

performing at the required 
service level. 
User Acceptance Test the complete, integrated Verify the information sys- Trained users of the system 


system (hardware, software, 
databases, people, and 
procedures). 


tem can complete required 
tasks in a real-world oper- 
ating environment and do 
this according to the system 
design specifications. 


Implementation 


Several steps are involved in system implementation. These are outlined next 


and discussed in the following sections. 


1. User preparation 
2. Site preparation 


3. Installation 


4. Cutover 
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user preparation: The process 
of readying managers, decision 
makers, employees, other users, and 
stakeholders to accept and use the 
new system. 


User Preparation 


User preparation is the process of readying managers, decision makers, 
employees, system users, and stakeholders to accept and use the new system. 
Ideally, user preparation begins in the early stages of system investigation and 
continues through implementation. 

The major challenges to successful implementation of an information sys- 
tem are often more behavioral than technical. Successfully introducing an infor- 
mation system into an organization requires a mix of organizational change 
skills and technical skills. Strong, effective leadership is required to overcome 
the behavioral resistance to change and achieve a smooth and successful 
system introduction. 

The dynamics of how change is implemented can be viewed in terms of 
the Lewin and Schein three-stage model for change: (1) ceasing old habits and 
creating a climate that is receptive to change; (2) learning new work methods, 
behaviors, and systems; and (3) reinforcing changes to make the new process 
second nature, accepted, and part of the job. 

Leavitt’s Diamond is a change model that proposes that every organiza- 
tional system is made up of people, tasks, structure, and technology—any 
change in one of these elements will necessitate a change in the other three 
elements. Thus, to successfully implement a new information system, appro- 
priate changes must be made to the people, structure, and tasks affected by 
the new system. People must be convinced to take a positive attitude to the 
change and be willing to exhibit new behaviors consistent with the change. 
Management might need to modify the reward system to recognize those who 
exhibit the desired new behaviors. Training in any required new skills is also 
necessary. 

Recall that the technology acceptance model (TAM) specifies the factors 
that can lead to better attitudes about the use of a new information system, 
along with its higher acceptance and usage. Perceived usefulness and per- 
ceived ease of use strongly influence whether someone will use an informa- 
tion system. Management can improve that perception by demonstrating that 
others have used the system effectively and by providing user training and 
support. 

The diffusion of innovation theory cautions that adoption of any inno- 
vation does not happen all at once for all members of the targeted popula- 
tion. Instead, adoption is a drawn-out process, with some people adopting the 
innovation more quickly than others. Rogers’ diffusion of innovation theory 
defined five categories of adopters, each with different attitudes toward inno- 
vation. This theory can be useful during the user preparation step of system 
implementation. 

Because user training is so important, some companies employ a variety 
of training approaches including in-house, software, video, Internet, among 
others. The material used to train the UAT team can serve as a starting point, 
with changes based on feedback from the test team. 

The eventual success of any system depends not only on how users work 
with it, but how well the IS personnel within the organization can operate 
and support it. The IS personnel should also attend training sessions similar 
to those for the users, although their sessions can provide more technical 
details. Effective training will help IS personnel use the new system to per- 
form their jobs and support other users in the organization. Many companies 
use online and simulated training programs to cut training costs and improve 
effectiveness. 
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site preparation: Preparation of 
the location of a new system. 


installation: The process of 
physically placing the computer 
equipment on the site and making it 
operational. 


cutover: The process of switching 
from an old information system to a 
replacement system. 


direct conversion: A cutover 
strategy that involves stopping the old 
system and starting the new system 
on a given date; also called plunge or 
direct cutover. 
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Site Preparation 

A location for the hardware associated with the new system needs to be pre- 
pared, a process called site preparation. For a small system, site preparation 
can be as simple as rearranging the furniture in an office to make room for 
a computer. The computer and associated hardware in a larger system might 
require special wiring, air conditioning, or construction. A special floor, for 
example, might have to be built and cables placed under it to connect the 
various computer components, and a new security system might be needed 
to protect the equipment. The project team needs to consider the amount of 
site preparation that may be necessary and build sufficient lead time into the 
schedule to allow for it. 

Today, most organizations place a priority on developing IS sites that are 
energy efficient and secure. One company, for example, installed special secu- 
rity kiosks that let company visitors log on and request a meeting with a 
company employee. The employee can see the visitor on his or her computer 
screen and accept or reject the visitor. If the visitor is accepted, the kiosk prints 
a visitor pass, which allows the person access to the building. 

Cyxtera, a large infrastructure and data center company with over 3,500 
customers, has recently expanded its data centers in five major markets across 
North America. As part of its expansion, the company has implemented new 
security measures that include security cabinets, security cages, and updated 
compliance standards.” 


Installation 

Installation is the process of physically placing the computer equipment on 
the site and making it operational. Although the manufacturer is normally 
responsible for installing computer equipment, someone from the organiza- 
tion (usually the IS manager) should oversee the process, making sure that all 
equipment specified in the contract is installed at the proper location. After the 
system is installed, the manufacturer performs several tests to ensure that the 
equipment is operating as it should. 


Cutover 


Cutover is the process of switching from an old information system to a 
replacement system. Cutover is critical to the success of the organization; if 
not done properly, the results can be disastrous. 

Hershey’s, the largest chocolate manufacturer in North America, provides 
a classic example of a failed system cutover. The company planned to upgrade 
a mix of older existing, or “legacy,” information systems into an integrated 
environment of the latest software from leading vendors, including SAP for 
ERP functionality, Manugistics for supply chain management, and Siebel for 
customer relationship management. The cutover was targeted for July, one of 
the company’s busiest months, when it was shipping orders for Halloween and 
Christmas. Unfortunately, Hershey’s was not well prepared, and the cutover was 
a fiasco. As a result, Hershey was unable to process over $100 million worth 
of orders. The resulting operational paralysis led to nearly a 20 percent drop 
in quarterly profits and an 8 percent decline in share price. 

Organizations can follow one of several cutover strategies. See Figure 13.17. 
Direct conversion (also called plunge or direct cutover) involves stopping the 
old system and starting the new system on a given date. Direct conversion is 
high-risk approach because of the potential for problems and errors when the 
old system is shut off and the new system is turned on at the same instant. 
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FIGURE 13.17 
System cutover strategies 
Cutover can be through direct 
conversion, phase-in approach, 
pilot start-up, or parallel start-up. 


phase-in approach: A cutover 
strategy that involves slowly replacing 
components of the old system with 
those of the new one; this process 

is repeated for each application 

until the new system is running 

every application and performing as 
expected; it is also called a piecemeal 
approach. 


pilot start-up: A cutover strategy 
that involves running the complete new 
system for one group of users rather 
than for all users. 


parallel start-up: A cutover 
strategy that involves running both 

the old and new systems for a set 
period of time and closely comparing 
the output of the new system with 

the output of the old system; any 
differences are reconciled. When users 
are comfortable that the new system 

is working correctly, the old system is 
eliminated. 
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Many organizations follow a phase-in approach, where components of 
the new system are slowly phased in while components of the old one are 
slowly phased out. When everyone is confident that all components of the new 
system are performing as expected, the old system is completely phased out. 
This gradual replacement is repeated for each component until the new system 
has fully replaced the old system. In some cases, the phase-in approach, also 
called a piecemeal approach, can take several months. 

Pilot start-up involves running the complete new system for one group 
of users rather than for all users. For example, a manufacturing company 
with many retail outlets throughout the country could use the pilot start-up 
approach and install a new inventory control system at one of its retail outlets. 
When the system runs without problems at the pilot location, the new inven- 
tory control system can then be implemented at other outlets, one by one. 

Parallel start-up involves running both the old and new systems for a set 
period of time. The performance and output of the new system are compared 
closely with the performance and output of the old system, and any differences 
are reconciled. When users are comfortable that the new system is working 
correctly, the old system is eliminated. 

The dormakaba Group is a large security and access firm located in 
Riimlang, Switzerland. With over 16,000 employees and CHF 402 million in 
revenue, dormakaba is one of the largest providers of access and security solu- 
tions for hospitals, airports, and hotels.” In January of 2018, dormakaba was 
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system operation: The use of a 
new or modified system under all kinds 
of operating conditions. 


monitoring: The process of 
measuring system performance 

by tracking the number of errors 
encountered, the amount of memory 
required, the amount of processing 
or CPU time needed, and other 
performance indicators. 
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recognized as one of the Top 100 Global Technology Leaders by Thompson 
Reuters for its complex business strategies.*° When developing their technol- 
ogy, dormakaba turn to the SAP cloud platform. The dormakaba jay cloud is 
available using SaaS to allow them to deliver high-quality customer service 
while maintain their competitive edge.*! 

One of the success stories from the dormakaba Group is from the Stid- 
zucker AG company. A combination of cutover strategies was used to imple- 
ment the new system for recording time attendance and operational data. 
Südzucker AG is one of the largest sugar producers in Europe and is headquar- 
tered in Germany. A phased-in approach was used for the locations in Germany. 
Once successful, a direct conversion was used for the remaining world-wide 
locations. Both implementation strategies proved successful.*? 


System Operation and Maintenance 


The steps involved in system operation and maintenance are outlined next and 
discussed in the following sections: 


1. Operation 
2. Maintenance 
3. Disposal 


Operation 


System operation involves the use of a new or modified system under all 
kinds of operating conditions. Getting the most out of a new or modified 
system during its operation is the most important aspect of system operations 
for many organizations. To provide adequate user support, many companies 
establish a formal help desk for their employees and customers. A help desk 
consists of computer systems, manuals, people with technical expertise, and 
other resources needed to solve problems and give accurate answers to ques- 
tions. End users who experience problems accessing or using an information 
system, can access the help desk’s Web site or request support via a call or 
text to the help desk. 

Monitoring is the process of measuring system performance by tracking 
the number of errors encountered, the amount of memory required, the amount 
of processing or CPU time needed, and other performance indicators. If a 
system is not performing as expected, it should be modified, or a new system 
should be developed or acquired. 

System performance products can measure all components of an informa- 
tion system, including hardware, software, database, telecommunications, and 
network systems. Microsoft Visual Studio, for example, has features that allow 
system developers to monitor and review how applications are running and 
performing, enabling developers to make changes if needed. IDERA’s Precise 
for Databases is a suite of performance monitors designed for the analysis of 
enterprise database environments—such as Oracle, SQL, DB2, and Sybase—and 
various subsystems.” Precise Software Solutions has system performance prod- 
ucts that provide around-the-clock performance monitoring that provide data 
analysis and tuning recommendations to provide enhance strategic planning. 
HP also offers a software tool called Business Technology Optimization (BTO) 
to help companies analyze the performance of their computer systems, diag- 
nose potential problems, and take corrective action if needed. When properly 
used, system performance products can quickly and efficiently locate actual 
or potential problems. 

Allscripts is a $2.1 billion publicly traded company that provides practice 
management, electronic health care records, and financial software to hundreds 
of physician practices, hospitals, and other health care organizations. Honey- 
well has partnered with Allscripts to provide systems monitoring for critical 
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system review: The process of 
analyzing a system to make sure it is 
operating as intended. 


system maintenance: A stage 

of systems development that involves 
changing and enhancing the system to 
make it more useful in achieving user 
and organizational goals. 


systems such as those that control patient oxygen flow and air flow for labo- 
ratories and pharmacies. With a monitoring system that alerts them before a 
problem occurs, Allscripts’s clients have the assurance that the critical systems 
they need to deliver high-quality patient care will continue uninterrupted.** 

System review is the process of analyzing a system to make sure it is oper- 
ating as intended. System review often compares the performance and benefits 
of the system as it was designed with the actual performance and benefits of 
the system in operation. 

United Airlines launched its Volunteer Solicitation Program in 2017. This 
software alerted passengers that flight was overbooked and would ask how 
much compensation they would accept in exchange for accepting a later, or 
earlier, flight. This information would then be available for use by the gate 
agents if the need arose. In reviewing the system and the data generated, the 
software team released a second version of the software in December 2018. 
This version gave passengers more options up to 24 hours in advance of their 
flight, so the compensation could be negotiated for a higher amount. The 
software also had options available based on the airport, customer type, and 
check-in channel (mobile, ticket counter, terminal). The system was built on 
gamification, meaning the customers could bid on the options they were view- 
ing, and it gave them more control of their options. Jason Birnbaum, Vice Presi- 
dent of Operations and Employee Technology, advises IT leaders to be as close 
to your team and customers as possible. When reviewing your software, he also 
advises “One of the key tenets of this project, and many others, has been for 
us to not iterate much in the conference room around white boards... . The 
information we get in every single one of these iterations is fast feedback.” 

Internal employees, external consultants, or both can perform a system 
review. An organization’s billing application, for example, might be reviewed 
for errors, inefficiencies, and opportunities to reduce operating costs. In addi- 
tion, the billing application might be reviewed if corporations merge, if one 
or more new managers require different information or reports, or if federal 
laws on bill collecting and privacy change. This is an event-driven approach 
to system review. 


Maintenance 

System maintenance is a stage of system development that involves chang- 
ing and enhancing the system to make it more useful in achieving user and 
organizational goals. Reasons for program maintenance include the following: 


e Poor system performance, such as slow response time for frequent 
transactions 

e Changes in business processes 

e Changes in the needs of system stakeholders, users, and managers 

e Bugs or errors in the program 

e Technical and hardware problems 

e Corporate mergers and acquisitions 

e Changes in government regulations 

e Changes in the operating system or hardware on which the application runs 


Organizations can perform system maintenance in-house, or they can hire 
outside companies to perform maintenance for them. Many companies that use 
information systems from Oracle or SAP, for example, hire those companies 
to maintain their systems. System maintenance is important for individuals, 
groups, and organizations. Individuals looking to system-maintenance services, 
for example, can use the Internet, computer vendors, and independent main- 
tenance companies, including Geek Squad (www.geeksquad.com) and PC Pin- 
point (www.pcpinpoint.com). Organizations often have personnel dedicated 
to system maintenance. Software maintenance for purchased software can cost 
20 percent or more of the purchase price annually. 
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slipstream upgrade: A minor 
system upgrade—typically a code 
adjustment or minor bug fix; it usually 
requires recompiling all the code, and 
in so doing, it can create entirely new 
bugs. 


patch: A minor system change to 
correct a problem or make a small 
enhancement; it is usually an addition 
to an existing program. 


release: A significant program 
change that often requires changes in 
the documentation of the software. 


version: A major program change, 
typically encompassing many new 
features. 


System maintenance efforts 
This chart shows the relative 
amount of change and effort 
associated to test and implement 
slipstream upgrades, patches, 
releases, and versions. 
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The maintenance process can be especially difficult for older software. A 
legacy system might have cost millions of dollars to develop, patch, and modify 
over the years. The maintenance costs for legacy systems can become quite 
expensive, and, at some point, it becomes more cost effective to switch to new 
programs and applications than to repair and maintain the legacy system. 

Four generally accepted categories signify the amount of change involved 
in maintenance. A slipstream upgrade is a minor system upgrade—typically 
a code adjustment or minor bug fix. Many companies don’t announce to users 
that a slipstream upgrade has been made; however, because a slipstream 
upgrade usually requires recompiling all the code, it can create entirely new 
bugs. This maintenance practice explains why the same computers sometimes 
work differently with what is supposedly the same software. A patch is a 
minor change to correct a problem or make a small enhancement. The fix 
is usually patched into an existing program; that is, the programming code 
representing the system enhancement is usually added to the existing code. 
Many patches come from off-the-shelf software vendors. Although slipstream 
upgrades and patches are minor changes, they can cause users and support 
personnel big problems if the programs do not run as before. A new release is 
a significant program change that often requires changes in the documentation 
of the software. Finally, a new version is a major program change, typically 
encompassing many new features. Figure 13.18 shows the relative amount 
of change and effort required to test and implement these four categories of 
system maintenance. 


Slipstream 
upgrade 


Amount of change to system 


Release Version 


Client effort to test and implement change 


Because of the amount of effort that can be spent on maintenance, many 
organizations require a request for maintenance form to be completed and 
approved before authorizing the modification of an information system. This 
form is usually signed by a business manager who documents the need for the 
change and identifies the priority of the change relative to other work that has 
been requested. The IS group reviews the form and identifies the programs 
that need to be changed, determines the programmer to assign to the project, 
estimates the expected completion date, and develops a technical description 
of the change. A cost/benefit analysis might be required if the change requires 
substantial resources. The completed change request is then reviewed and pri- 
oritized relative to the other change requests that have been made. 


Disposal 

At some point, an existing information system may become obsolete, uneco- 
nomical to operate and/or maintain, or unrepairable. Information systems typ- 
ically evolve to this stage in the life cycle because the system can no longer be 
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system disposal: A stage of 
system development that involves 
those activities that ensure the orderly 
dissolution of the system, including 
disposing of all equipment in an 
environmentally friendly manner, 
closing out contracts, and safely 
migrating information from the system 
to another system or archiving it in 
accordance with applicable records 
management policies. 


modified to keep up with changing user and business requirements, outdated 
technology causes the system to run slowly or unreliably, or key vendors are 
no longer able or willing to continue to provide necessary service or support. 

System disposal is a stage of system development that involves those activ- 
ities that ensure the orderly dissolution of the system, including disposing of all 
equipment in an environmentally friendly manner, closing out contracts, and 
safely migrating information from the system to another system or archiving it 
in accordance with applicable records management policies. The steps involved 
in system disposal are outlined and discussed in the following sections: 


Communicate intent 
Terminate contracts 
Make backups of data 
Delete sensitive data 
Dispose of hardware 


VS oe Ne 


Communicate Intent 


A memo communicating the intent to terminate the information system should 
be distributed to all key stakeholders, months in advance of the actual shut- 
down. This ensures that everyone is aware of the shutdown and allows time 
for them to convert to the new system or process replacing the terminated 
system. Microsoft has announced that extended support for Windows 7 will 
end on January 14, 2020. Mainstream support for the operating system ended 
in 2015. When the end of support for an operating system is announced, busi- 
nesses must begin to plan their strategy, as the end of support means there 
will no longer be security updates. Despite the risks, an estimated 43 percent 
of companies are still running the outdated operating system, with an astonish- 
ing 16 percent still running Windows XP and Windows Vista, which Microsoft 
stopped supporting several years ago. Running outdated operating systems 
leaves a company vulnerable to security threats. However, for a significant fee, 
an organization can contract with Microsoft for additional extended support.*° 


Terminate Contracts 


The various vendors who provide hardware, software, or services associated 
with the information system must be notified well in advance to avoid any 
penalty fees associated with abrupt termination of a contract. 


Make Backups of Data 


Prior to deleting files associated with the system, backup copies of data must 
be made according to the organization’s records-management policies. 


Delete Sensitive Data 

Extreme care must be taken to remove customer, employee, financial, and 
company-sensitive data from all computer hardware and storage devices before 
disposing of it. Otherwise, an organization’s discarded equipment could become 
a treasure trove to competitors or identity thieves. When a file is deleted, the 
bits and pieces of the file physically stay on a computer hard drive until they 
are overwritten, and they can be retrieved with a data recovery program. To 
remove data from a hard drive permanently, the hard drive needs to be wiped 
clean. The program used should overwrite or wipe the hard drive several times. 
An alternative is to remove the hard drive and physically destroy it. 


Dispose of Hardware 

After backing up and then removing data from drives, members of the project 
team can dispose of obsolete or damaged computer hardware. Governments, 
environmental agencies, and leading hardware manufacturers are attempting 
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to reduce hazardous materials in electronic products; however, some hardware 
components still contain materials that are toxic to the environment. Respon- 
sible disposal techniques should be used regardless of whether the hardware 
is sold, given away, or discarded. Many computer hardware manufacturers, 
including Dell and HP, have developed programs to assist their customers in 
disposing of old equipment. 


Critical User Acceptance Testing for New Accounting System 


Thinking» teamwork 
Exercise 


You are a member of the finance and accounting organization of a midsized 
sporting goods retailer. You are knowledgeable of all facets of your firm’s current 
accounting systems and procedures and have been working in accounts receivable 
for the past three years. The firm is implementing a new cloud-based accounting 
system to handle general ledger, accounts payable, accounts receivable, and payroll 
tasks. You have been selected to plan and lead the user acceptance testing for the 
accounts receivable portion of the system. This will be a full-time activity for you 
over the next two-to-three months, and during that time, other employees will fill 
in to take care of most of your day-to-day responsibilities. 


Review Questions 


1. Outline the tasks that must be accomplished to successfully complete user 
acceptance testing. 

2. Your normal work activities and responsibilities have not allowed you time to 
become familiar with this project and the new system and its capabilities. What 
actions would you take to get caught up quickly? 


Critical Thinking Questions 


1. How would you go about selecting and recruiting end users to participate in 
the user acceptance testing? How would you determine how many end users 
are needed for testing? 

2. What do you think might be the biggest barriers to completion of the user 
acceptance testing in a timely manner? 


Agile Development 


Agile development: An iterative Agile development is an iterative system development process that devel- 
system:development process that ops a system in “sprint” increments lasting from two weeks to two months. 
develops the system in “sprint Unlike the Waterfall system development process, Agile development accepts 
increments lasting from two weeks to . 2 

iwe manths. the fact that system requirements are evolving and cannot be fully understood 


or defined at the start of the project. Agile development concentrates instead 
on maximizing the team’s ability to deliver quickly and respond to emerging 
requirements—hence the name Agile. In an Agile development project, the 
team stops and reevaluates the system every two weeks to two months, giv- 
ing it ample opportunity to identify and implement new or changed system 
requirements.*” 

Scrum: An Agile development Scrum is an Agile development framework that uses a team-based approach 

framework that emphasizes a team- in order to keep the development effort focused and moving quickly. Scrum 

Deepa approagh Morder 16 keep emphasizes individuals and interactions over processes and tools, working soft- 

the development effort focused and ; ° : 

moving quickly. ware over comprehensive documentation, customer collaboration over contract 
negotiation, and responding to change over following a plan.** 
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Scrum master: The person who 
coordinates all the Scrum activities of 
a team. 


product owner: A person who 
represents the project stakeholders 
and is responsible for communicating 
and aligning project priorities between 
the stakeholders and development 
team. 


product backlog: A prioritized 
list of project requirements created 
by the stakeholders and project team 
members; from this list, the team 
selects the highest priorities. 


Requirements 
refinement 
meeting 


Prioritized list of 
system requirements 
(product backlog) 


FIGURE 13.19 


A Scrum master is the person who coordinates all Scrum activities, and 
a Scrum team consists of a dozen or fewer people who perform all systems 
development activities from investigation to testing so there is less personnel 
turnover than on the typical Waterfall system development project. The Scrum 
master does not fill the role of a traditional project manager and has no people 
management responsibilities. Instead, the primary responsibility of the Scrum 
master is to anticipate and remove barriers to the project team producing its 
deliverables and meeting the project schedule.” 

The product owner is a person who represents the project stakeholders 
and is responsible for communicating and aligning project priorities between 
the stakeholders and development team. The product owner holds the prod- 
uct vision; he or she is responsible for describing what should be built and 
why—but not how.” 

Using the Scrum method, the product owner works with the stakeholders 
and team to create a prioritized list of project requirements called a product 
backlog. Next, a sprint planning session is held, during which the team selects 
the highest priority requirements from the top of the product backlog to create 
the sprint backlog; they then decide how to implement those requirements. The 
team sets a certain amount of time—typically two to eight weeks—to complete 
its work. During the sprint, each day at the same time, the team meets briefly 
(15 minutes at most) to share information necessary for coordination. At this 
meeting, team members describe what they completed the previous day and 
identify any obstacles that stand in the way of them completing this day’s 
activities. The sprint is complete when the team presents a working system that 
incorporates the new requirements, and it can be used and evaluated. During 
the sprint review meeting, the team shares what it learned from the current 
sprint iteration so that knowledge can be applied in the next sprint iteration. 
See Figure 13.19. Along the way, the Scrum master keeps the team focused on 
its goals.*! 
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implemented 
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The Scrum Agile software development process 
The Scrum Agile approach develops a system in sprint increments lasting from two weeks to two months. 


Agile development requires cooperation and frequent face-to-face meet- 
ings with all participants, including system developers and users, as they 
modify, refine, and test the system’s capabilities and how it meets users’ 
needs. Organizations are using Agile development to a greater extent today to 
improve the results of system development, including global projects requir- 
ing IS resources distributed in many locations. Agile is often better suited for 
developing smaller information systems than larger ones. During an Agile 
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extreme programming (XP): A 
form of Agile software development 
that promotes incremental 
development of a system using 

short development cycles to improve 
productivity and to accommodate new 
customer requirements. 


DevOps: The practice of blending 
the tasks performed by the 
development and IT operations groups 
to enable faster and more reliable 
software releases. 
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project, the level of participation of stakeholders and users is much higher 
than in other approaches. Table 13.11 lists advantages and disadvantages of 
Agile development.” 


TABLE 13.11 Advantages and disadvantages of Agile development 


Advantages Disadvantages 


For appropriate projects, this approach It is an intense process that can burn 
puts an application into production out system developers and other proj- 
sooner than any other approach. ect participants. 


Documentation is produced as a 
by-product of completing project 
tasks. 


This approach requires system ana- 
lysts and users to be skilled in Agile 
system development tools and Agile 
techniques. 


Agile forces teamwork and lots 
of interaction between users and 
stakeholders. 


Agile requires a larger percentage of 
stakeholders’ and users’ time than 
other approaches. 


Extreme programming (XP) is a form of Agile software development 
that promotes incremental development of a system using short development 
cycles to improve productivity and to accommodate new customer require- 
ments. Other essentials of extreme programming include programming in pairs, 
performing extensive code review, unit testing of all code, putting off the 
programming of system features until they are actually needed, use of a flat 
project management structure, simplicity and clarity in code, expecting changes 
in system requirements as the project progresses and the desired solution is 
better understood, and frequent communication with the customer and among 
programmers. These qualities make extreme programming compatible with 
Agile software development.“ 

DevOps is the practice of blending of the tasks performed by the develop- 
ment staff (who are typically responsible for design, coding, and testing) and 
the IT operations groups (who typically handle operational deployment tasks, 
such as server provisioning and job scheduling) to enable faster and more reli- 
able software releases.“ This approach is key to successful Agile development 
environments where organizations go live with new software releases every 
two to four weeks. And in many organizations, DevOps is being used as part 
of a continuous deployment strategy, in which releases are launched daily— 
and in some cases, multiple times a day. Many industry experts view DevOps 
as an outgrowth of the Agile development movement, with an extension of 
Agile development principles to include systems and operations rather than 
just code. 

Under traditional software development approaches, the application devel- 
opment team gathers business requirements, writes code, and tests programs 
in an isolated development environment. The code is then released to the 
IT operations group to deploy in the real-world operational environment of 
end users. This involves gluing together all the components of an application, 
including databases, messaging infrastructure, external services, the passing 
and receiving of data to and from other systems, and third-party dependencies. 

DevOps principles reshape all the move-into-production activities so that 
they become automated, collaborative, continuous, incremental, iterative, and 
self-service. Responsive teams adopt DevOps practices of self-service configu- 
ration, automated provisioning (using predefined procedures that are carried 
out electronically without requiring human intervention), continuous build, 
continuous integration, continuous delivery, automated release management, 
and incremental testing, as shown in Figure 13.20. 
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FIGURE 13.20 


DevOps is part of a 
continuous deployment 
strategy in which releases 
can be launched daily 


DevOps blends the tasks performed 
by the development and operations 
groups to enable faster and more 


reliable software releases. 
Source: Chris Haddad, “Overcome 


DevOps Adoption Barriers to Accelerate 


Software Delivery,” Tech Well Insights, 


May 8, 2015, www.techwell.com/techwell- 


insights/20 15/05/overcome-devops- 
adoption-barriers-accelerate-software- 
delivery. 


) 


Although DevOps can mean slightly different things depending on how 
it is deployed at different companies, at its core, DevOps places a priority 
on collaboration, with operations staff and development engineers participat- 
ing together, over the entire system’s lifecycle—from design and development 
through testing and implementation.” 

Etsy is an online shopping site that sells everything from clothing to musi- 
cal instruments to vintage collectibles. Etsy connects buyers and sellers through 
its Web site, which means the site needs to be up and running consistently. 
When Etsy first began developing its systems, the IT staff used the Waterfall 
method of development. The process was slow, however, and the updates 
were causing too much downtime with the Web site. Etsy has now adopted a 
DevOps framework, which allows it to deploy more than 50 updates per day, 
with much less disruption on its site.“ 

Table 13.12 compares the key features of the Agile and Waterfall system 
development processes. 


TABLE 13.12 Comparison of approaches to system development 


Characteristic 


Software Development Approach 


Description 


Basic assumption 


How requirements and 
design are defined 


Associated processes 


Waterfall 
An iterative process that develops the sys- A sequential multistage process where work 
tem in sprint increments lasting 2-8 weeks; on the next stage cannot begin until the 
each increment focuses on implementing results of the previous stage are reviewed 
the highest priority requirements that can and approved or modified as necessary 


be completed in the allotted time 


System requirements cannot be fully All critical system requirements must be 
defined at start of project fully defined before any coding begins 
Users interacting with system analysts and Users interacting with system analysts and 
working software system documentation and/or models 
Scrum Structured system analysis and design 
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Critical Firm’s First Agile Project 


Thinking Æ WRITTEN AND ORAL COMMUNICATION 
Exercise 


You were hired into a new company that was impressed with your two years of 
experience as a Scrum master on a variety of information systems projects. Your 
new firm has a large in-house information system development staff that is trained 
and experienced in the use of the Waterfall software development process. You 
have been assigned responsibility as a Scrum master for a key project that will be 
the firm’s first Agile project. You have also been asked to train the project manager, 
team, and newly appointed product owner in the Agile process and their associated 
roles and responsibilities. 


Review Questions 

1. As part of the team’s initial project kickoff meeting, you have been asked to 
briefly summarize the differences between the Waterfall and Agile software 
development process. What would you say? 

2. Following your discussion, one of the team members asks, “so why are we 
changing to a new software development process? We are all comfortable with 
the way we do things now.” What do you say? 


Critical Thinking Questions 

1. There is likely to be some confusion over the role of project manager, Scrum 
master, and product owner. What can you do to avoid this potential problem? 

2. What other potential problems can you anticipate as the team moves forward 
with its first Agile project? What can be done to avoid these potential issues? 


Principle: 


Organizations can obtain software using one of three basic approaches: 
subscribe, buy, or build. 

Buying off-the-shelf software is less risky and leads to quicker deployment; 
however, maintenance and support costs may become expensive with this 
approach, and the software may not be an exact match to the needs and work 
processes of the organization. 

Building custom software can provide a better match to the current work 
processes of the organization and provide a potential competitive advantage; 
however, the cost can become extremely high, and it can take months or even 
years to develop the software. 


Principle: 


When evaluating and purchasing off-the-shelf software, an organization 
must consider the effort required to modify both the new software pack- 
age and the existing software so that they work well together. 

A preliminary evaluation of software packages and vendors begins 
during system analysis when the two or three strongest contenders are 
identified. The final evaluation begins with a detailed investigation of the 
contenders’ proposals as well as discussions with two or three customers 
of each vendor. 
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Principle: 


A system developed following the Waterfall approach moves from one 
phase to the next, with a management review at the end of each phase. 

The set of activities involved in building information systems to meet users’ 
needs is called system development. 

The Waterfall system development process cycle is a sequential, multistage 
system development process in which work on the next stage cannot begin until 
the results of the current stage are reviewed and approved or modified as neces- 
sary. It is referred to as a Waterfall process because progress is seen as flowing 
steadily downwards (like a Waterfall) through the various phases of development. 

The phases of the Waterfall system development process can vary from one 
company to the next, but many organizations use an approach with six phases: 
investigation, analysis, design, construction, integration and testing, and imple- 
mentation. Once the system is built, organizations complete the additional steps 
of operation and maintenance and disposition. 

At the end of each phase, a review is conducted to ensure that all tasks 
and deliverables associated with that phase were produced and that they are 
of good quality. In addition, at the end of each phase, the overall project scope, 
costs, schedule, and benefits associated with the project are reviewed to ensure 
that the project is on track and worth completing. As a result, the Waterfall 
system development process allows for a high degree of management control. 

System investigation is the key initial phase in the development of a new 
or modified business information system. The purpose of this phase is to gain 
a clear understanding of the specifics of the problem to solve or the opportu- 
nity to address. 

Joint application development (JAD) is a structured meeting process that 
can accelerate and improve the efficiency and effectiveness of not only the 
investigation phase, but also the analysis and design phases of a system devel- 
opment project. 

Functional decomposition is a technique used primarily during the inves- 
tigation phase to define the business processes included within the scope of 
the system. 

The technical, economic, legal, operational, and schedule feasibility are 
assessed during the feasibility analysis. 

After a project has completed the investigation phase and been approved 
for further study, the next step is system analysis, which answers the question, 
“What must the information system do to solve the problem or capitalize on 
the opportunity?” 

The overall emphasis of analysis is gathering data on the existing system, 
determining the requirements for the new system, considering alternatives within 
identified constraints, and investigating the feasibility of alternative solutions. 

Identifying, confirming, and prioritizing system requirements is perhaps 
the single most critical step in the entire Waterfall system development pro- 
cess because failure to identify a requirement or an incorrect definition of a 
requirement may not be discovered until much later in the project, causing 
much rework, additional costs, and delay in the systems effort. 

A data-flow diagram (DFD) is a diagram used during both the analysis and 
design phases to document the processes of the current system or to provide a model 
of a proposed new system. A DFD shows not only the various processes within the 
system but also where the data needed for each process comes from, where the 
output of each process will be sent, and what data will be stored and where. 

The analysis team should make a preliminary assessment of the software 
marketplace to determine whether existing packages can meet the organiza- 
tion’s needs. The primary tool for doing this is the request for information 
(RFD, a document that outlines an organization’s hardware or software needs 
and requests vendors to respond with information about if and how they can 
meet those needs and the time and resources required. 
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The purpose of system design phase is to answer the question, “How will 
the information system solve this problem?” The primary result of the system 
design phase is a technical design that details system outputs, inputs, con- 
trols, and user interfaces; specifies hardware, software, databases, telecommu- 
nications, personnel, and procedures; and shows how these components are 
interrelated. In other words, system design creates a complete set of technical 
specifications that can be used to construct the information system. 

During the design phase, designers must develop specific system security 
and controls for all aspects of the information system, including hardware, 
software, database systems, telecommunications, and Internet operations. 

System construction converts the system design into an operational system 
by coding and testing software programs, creating and loading data into data- 
bases, and performing initial program testing. 

Several types of testing must be conducted before a new or modified 
information system is ready to be put into production, including unit testing, 
integration testing, system testing, volume testing, and user acceptance testing. 

System implementation includes the following activities: user preparation, 
site preparation, installation, and cutover. 

System operation involves using the new or modified system under all 
kinds of operating conditions. Getting the most out of a new or modified 
system during its operation is the most important aspect of system operations 
for many organizations. 

System maintenance involves changing and enhancing the system to make 
it more useful in achieving user and organizational goals. There are many rea- 
sons why system maintenance is required. 

System disposal involves those activities that ensure the orderly dissolu- 
tion of the system, including disposing of all equipment in an environmentally 
friendly manner, closing out contracts, and safely migrating information from 
the system to another system or archiving it in accordance with applicable 
records management policies. 


Principle: 


Agile development is an iterative system development process that devel- 
ops a system in “sprint” increments lasting from two weeks to two months. 

Unlike the Waterfall system development process, Agile development 
accepts the fact that system requirements are evolving and cannot be fully 
understood or defined at the start of the project. Agile development concen- 
trates instead on maximizing the team’s ability to deliver quickly and respond 
to emerging requirements—hence the name Agile. 

Scrum is an Agile development framework that uses a team-based approach 
in order to keep the development effort focused and moving quickly. Scrum 
emphasizes individuals and interactions over processes and tools, working soft- 
ware over comprehensive documentation, customer collaboration over contract 
negotiation, and responding to change over following a plan. 

A Scrum master is the person who coordinates all Scrum activities, and a 
Scrum team consists of a dozen or fewer people who perform all system devel- 
opment activities from investigation to testing. 

The product owner is a person who represents the project stakeholders and is 
responsible for communicating and aligning project priorities between the stake- 
holders and development team. The product owner holds the product vision; he 
or she is responsible for describing what should be built and why—but not how. 

Extreme programming (XP), another Agile software development approach, 
promotes incremental development of a system using short development cycles 
to improve productivity and to accommodate new customer requirements. 

DevOps is the practice of blending the tasks performed by the develop- 
ment and IT operations groups to enable faster and more reliable software 
releases. This approach is key to successful Agile development. 
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Agile development 

cold site 

cutover 

data-flow diagram (DFD) 
DevOps 

direct conversion 

disaster recovery plan 
economic feasibility 
extreme programming (XP) 
failover 

feasibility analysis 
functional decomposition 
hot site 

installation 

integration testing 

joint application development (JAD) 
legal feasibility 
mission-critical processes 
monitoring 

operational feasibility 
parallel start-up 

Pareto principle (80-20 rule) 
patch 

performance evaluation test 
perpetual license 

phase-in approach 

pilot start-up 

product backlog 

product owner 


release 

request for information (RFD 
schedule feasibility 

Scrum 

Scrum master 

site preparation 

slipstream upgrade 

system analysis 

system construction 
system design 

system development 
system disposal 

system investigation 
system investigation report 
system maintenance 
system operation 

system review 

system testing 

technical documentation 
technical feasibility 

unit testing 

user acceptance document 
user acceptance testing (UAT) 
user documentation 

user preparation 

version 

volume testing 


Waterfall system development process 


Self-Assessment Test 


Organizations can obtain software using one of 
three basic approaches: subscribe, buy, or build. 


le software is less risky and leads 
to quicker deployment; however, maintenance 
and support costs may become expensive. 

Custom 

Enterprise 

Off-the-shelf 

Personal productivity 

2, software can provide a better 
match to the current work processes of the orga- 
nization and may provide a potential competitive 
advantage; however, software development can 


aor. 


be extremely costly, and it can take months or 
even years to complete. 
a. Custom 
b. Enterprise 
c. Off-the-shelf 
d. Personal productivity 

3. Which of the following is not a reason to sub- 
scribe to on-demand software? 
a. The software does not need to be scalable. 
b. Specialized software is needed in a timely 

fashion. 

c. The IT staff does not include developers. 
d. The company has limited storage capacity. 
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When evaluating and purchasing off-the-shelf software, 


an organization must consider the effort required to 
modify both the new software package and the exist- 
ing software so that they work well together. 


4. A preliminary evaluation of software packages 
and vendors begins during the 
phase when the two or three strongest 
contenders are identified. 

a. system investigation 
b. system design 

c. system analysis 

d. feasibility analysis 


A system developed using the Waterfall approach 
moves from one phase to the next, with a manage- 
ment review at the end of each phase. 


5. Many organizations use a Waterfall approach 
with six phases, including investigation, analysis, 
design, , integration and testing, 
and implementation. 

6. The Waterfall approach allows for a high degree 
of management control, but it does not allow for 
user interaction with the system until the inte- 
gration and testing phase, when the system is 
nearly complete. True or False? 

7. The purpose of the system investigation phase is 
to : 

a. define what the information system must 
do to solve the problem or capitalize on the 
opportunity 

b. gain a clear understanding of the specifics of 
the problem to solve or the opportunity to 
address 

c. gather data on the existing system and deter- 
mine the requirements for the new system 

d. identify, confirm, and prioritize system 
requirements 

8. is a diagram used to document 
the processes of the current system or to provide 
a model of a proposed new system. 

9. The overall emphasis of the 
phase is on gathering data on the existing sys- 
tem, determining the requirements of the new 
system, considering alternatives within identified 
constraints, and investigating the feasibility of 
alternative solutions. 
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a. investigation 
b. analysis 
c. design 
d. construction 

10. The primary tool for assessing the software mar- 
ketplace to determine whether existing pack- 
ages can meet the organization’s needs is the 


system investigation report 

request for quotation 

RFI 

system design report 

he phase converts the system 
design into an operational system by coding and 
testing software programs, creating and loading 
data into databases, and performing initial pro- 
gram testing. 

a. system analysis 

b. system construction 

c. system implementation 

d. system testing and integration 


Hao oe 


1E 


Agile development is an iterative system develop- 
ment process that develops a system in “sprint” 
increments lasting from two weeks to two months. 


12. is an Agile development frame- 
work that uses a team-based approach in order 
to keep the development effort focused and 
moving quickly. 

13. In the Scrum framework, the is 
a person who represents the project stakehold- 
ers and is responsible for communicating and 
aligning project priorities between stakeholders 
and the development team. 

a. project manager 
b. Scrum master 
c. product owner 
d. project sponsor 

14. is the practice of blending the 
tasks performed by the development and IT 
operations groups to enable faster and more reli- 
able software releases. 

a. Scrum 

b. Extreme programming 
c. JAD 

d. DevOps 


Self-Assessment Test Answers 


a 2 2 0 


construction 
True 
b 


SON ME ps 9 


8. Data-flow diagram 
9b 

OC 

ED 

12. Scrum 

iis xe 

14. d 
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Review and Discussion Questions 


1. What are primary characteristics of the 7. Outline the steps necessary to conduct an effec- 
Waterfall system development process? What is tive joint application development (JAD) session. 
the rationale for using the term “Waterfall” to Who should participate in such a session? What 
describe it? is the role of the JAD facilitator? 

2. Identify and state the purpose of each of the 8. Why is it important for business managers to 
six phases of the Waterfall system development have a basic understanding of the system devel- 
process. opment process? 

3. Identify and briefly describe at least three 9. Identify several areas for which system security 
advantages of SaaS and how these advantages and control requirements need to be defined. 
and help an organization as they grow. 10. Identify and briefly describe six system perfor- 

4. Provide two examples of opportunities or mance factors. 
problems that are likely to trigger the need for 11. How does DevOps support the Agile system 
an information system project. development process? 

5. What are the four different kinds of feasibility 12. What is extreme programming (XP)? What is its 
that must be assessed? Why is the feasibility of goal? 

a system reviewed during both the analysis and 13. An organization has selected and is now imple- 
design phases? menting a software package. Identify three key 

6. Thoroughly discuss the pros and cons of buying factors that will determine the cost and time 
versus building software. required for implementation. 


Business-Driven Decision-Making Exercises 


1. You are acquiring a new information system for process would be used for the project; the other 
The Fitness Center, a company with three fitness team plans to follow the Agile approach. A third 
centers in your metropolitan area, with a total of option is to purchase off-the-shelf software that 
1200 members and 20 to 30 full and part-time provides nearly all the benefits of a custom-built 
employees in each location. Through previous solution. Review the estimates below and choose 
research efforts, the director of marketing has the best approach for the project: Waterfall devel- 
determined that your clientele is interested in a opment, Agile development, or off-the-shelf soft- 
state-of-the-art software system to track all their ware implementation. Provide a solid rational for 
fitness and health-related activities. Each piece of your choice. Identify any assumptions you must 
equipment in the gym will be modified to allow make in reaching your decision. 


entry of the member’s ID number, recording the 
date, time of day, weight used, and number of 

reps or workout length. Members and fitness Waterfall Sarthe 
consultants want to be able to log in to the sys- 


Off-the- 
Shelf 


$ i Total effort months to 45 38 6 
tem from any computer or mobile device and lee be saian 
see displays of various reports (calories burned, es 
muscle groups worked, blood pressure, distance Cosi imer ient inona. UE $10k 110k: 
run, steps taken, etc.) for a user-specified time Cost of software $350k 
period. Use word-processing software to identify Package 
at least six high-priority requirements for such Elapsed time until Not 2 Not 
a system. Use a spreadsheet or project manage- a partial working applicable applicable 
ment program to identify and schedule the tasks version is available 
that must be performed in order to choose the months) 
best software package and implement it. Elapsed time until all 8 5 3 
2. The preliminary investigation of a software proj- currently envisioned 


features are available 


ect has been completed. Two different project 
(months) 


teams have estimated the costs associated with 
the development and maintenance of a new Annual savings gener- $180k $180k $160k 
system. One team based their estimates on the ated by the complete 

assumption that the Waterfall system development system 
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Teamwork and Collaboration Activities 


1. Your team has been hired to define the scope 
and feasibility of project to create a database of 
job openings and descriptions for the companies 
visiting your campus each term. Students would 
be able to log on to the system and request an 
appointment with each company’s recruiter. 
Recruiters would be granted access to each stu- 
dent’s summary transcript (courses taken, but 
no grades shown) and resume. Describe the 
tasks your team would perform to complete the 


system investigation phase. Who else needs to 
be involved in the system investigation? Develop 
a data-flow diagram that defines the scope of 
this system. 

2. Your team has been selected to monitor 
the disposal of your school’s 10-year old 
student-registration system. Develop a list 
of the activities that need to be completed 
to complete this task. Which activities are of 
most concern? 


Career Exercises 


1. Perform research to learn what is required 
to have a successful career as a software 
developer for smartphones. What sort of 
education and experience is needed? 
What personal characteristics would be 
helpful in such a career? How would one 
get started in such a career, and what are 
starting salaries? 

2. Identify an information system frequently 
employed by people in a career field you 


are interested in. Discuss how you might be 
involved as a user in the development or 
acquisition of such a system for your future 
company. Identify three things that you 
could do as a project participant that would 
greatly improve the likelihood of successful 
project. Now, identify three things that you 
could do (or fail to do) that could greatly 
diminish the probability of success of such a 
project. 


æ GLOBAL 


Case Study 

Intel Uses Agile and DevOps to Transform Its 
Business Operations 

To be a leader in technology, you have to be able to adapt 
to change, and in today’s world, change comes quickly. 
Intel, one of the world’s largest semiconductor compa- 
nies, has a supply chain that includes 19,000 suppliers, 
2,000 customers, and facilities in 63 countries. Each year, 
the company fulfills over a million orders and ships over 
a billion units. To sustain this level of business and adapt 
to a constantly changing market, Intel brought machine 
learning into its operations by utilizing DevOps and Agile 
practices. 

According to Aziz Safa, Intel’s chief data officer, 
“Twenty years ago, we would not make a major change in 
the enterprise for years. Whereas today you are seeing new 
offerings come very fast.” According to Safa, developing 
that agility in Intel’s operations required a shift in thinking 
across the company. 

Starting in 2017, Intel jump-started that shift by train- 
ing 4,700 employees on the Agile methodology. After see- 
ing success with the Agile approach, the company trained 
another 3,000 employees. According to the company’s 


2018-2019 IT performance report, Intel’s “new scaling 
framework has created a significant pull in the organiza- 
tion to fully commit to the Agile and DevOps transforma- 
tion.” The goal is to have a 60 percent testing automation 
and a 50 percent reduction in time to delivery. To achieve 
this goal, the DevOps team identified the applications that 
interoperate and the areas that must operate efficiently to 
reduce the time to delivery. Using the Agile framework, 
they are working toward the goal of introducing new 
systems and applications that will utilize the automated 
testing process and increase the delivery time for its 
customers. 

Now that the move to Agile and DevOps is under- 
way at Intel, the focus is shifting to better utilizing 
the data from the systems to make applications oper- 
ate more efficiently across different platforms. Intel 
is basing more of their success on cloud and automa- 
tion platforms. DevOps has paved the way for what is 
being called the “Common Cloud Core” (C3) and the 
ability to use PaaS (discussed earlier in the chapter) to 
enhance the delivery of new systems and increase the 
scalability of the current systems. Traditionally, systems 
were designed to run for several years before updates 
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were planned. Intel recognizes that it is “fundamental 

to any organization that wants to innovate based on 
technology: digital transformation and DevOps go hand 
in hand.” A business must be able to move quickly in the 
ever-changing technology world, and Intel is at the cen- 
ter of this market. Applications must move from the idea 
state to production in a consistent manner, versus the 
traditional method that would take months of planning 
and development. Feedback must be continuous from 
users to developers to allow for continuous 
improvements. 

By combining DevOps, PaaS, and C3, Intel has auto- 
mated many of its systems. This automation has allowed 
for more efficient processing and a cost savings for both 
company and customers. Intel has taken advantage of 
release planning, which allows developers to release 
smaller portions of the system on a more frequent basis. 
Utilizing the cloud infrastructure, there is no downtime, 
and end users can provide feedback on a manageable 
scale. DevOps allows for continuous testing as the devel- 
opment cycle is shorter, and the feedback is faster and 
on a targeted part of the system. With the tools avail- 
able through PaaS, there is continuous monitoring of 
the system to keep applications running at optimum 
levels. These tools provide developers with performance 
data so they can improve on any areas that may be 
under-performing. Intel has been successful in imple- 
menting Agile and DevOps. What will be next for this 
technology giant? 


Critical Thinking Questions 


1. Intel has been a technology leader for decades. Why 
do you think it took the company so long to make 
major changes in the past? Why you think it has taken 
them so long to make the move to an Agile develop- 
ment method for faster processes. 

2. Intel uses a combination of DevOps, C3, and PaaS 
for development. Do you think PaaS is necessary for 
DevOps to be successful? Why do you think Intel is 
using PaaS along with DevOps in the Agile develop- 
ment process? What advantage, or disadvantage, do 
you think PaaS could have for Intel in the future? 

3. What would be some of the criteria you would use 
to measure the success of a shift to DevOps practices 
within a company? 


SOURCES: Stephanie Condon, “Scaling Agile, Adopting AI: How Intel Is 
Making IT a Strategic Part of the Business,” ZDNet, https://www 
.zdnet.com/article/scaling-agile-adopting-ai-how-intel-is-making-it-a- 
strategic-part-of-the-business/, April 17, 2019; “Intel IT: Harnessing AI 
and Analytics to Drive Digital Transformation,” Intel, https://newsroom 
.intel.com/news/intel-it-harnessing-ai-analytics-drive-digital- 
transformation/#gs.80wfxd, accessed April 28, 2019; “Driving the Digital 
Enterprise Transformation: 2018-2019 Intel IT Annual Performance 
Report,” bitps.,//jwww.intel.com/content/www/us/en/it-managemenr/intel- 
it-best-practices/intel-it-annual-performance-report-2018-19-paper.html, 
accessed June 25, 2019; “Integrating Cloud Management Platforms, PaaS 
and DevOps for Business Effectiveness,” Intel, bttps,/Avww.intel.com/ 
content/dam/wwu/public/us/en/documents/white-papers/hybrid-cloud- 
devops-white-paper-fv.pdf, accessed June 25, 2019. 


Sources for the opening vignette: Jessica Mulholland, “3 
Pieces of Advice for Making the Transition from Waterfall 

to Agile,” Government Technology, May 26, 2017, http.// 
wuww.govtech.com/people/3-Pieces-of-Advice-for-Making-the- 
Transition-from-Waterfall-to-Agile.html, “Agile Government? 
Not an Oxymoron in the State of Maine,” Pega, https://www 
.pega.com/insights/resources/agile-government-not-oxymoron- 
state-maine, accessed February 23, 2019; “About Agile: 
Project Management,” Maine.gov, hitps:/jvww.maine.gov/oit/ 
project_management/agile.himl, accessed February 23, 2019. 


1. “Amazon Logistics,” Amazon, https:;//Jlogistics.amazon 
.com/, accessed April 19, 2019. 

2. Clint Boulton, “Dealer Tire Gains Traction with Data 
Science,” CIO, April 8, 2019, bitps:/Avww.cio.com/ 
article/3387520/dealer-tire-gains-traction-with-data- 
science.himl. 

3. Clint Boulton, “Sales Automation App Helps Suddath 
Get Its Move On,” CIO, April 2, 2019, https://www 
.cio.com/article/338492Y/sales-automation-app-helps- 
suddath-get-its-move-on.html. 

4. “Get the Most from Office with Office 365,” Microsoft, 
https://products.office.com/en-us/compare-all-microsoft- 
office-products-test?tab=2EGtab=2, accessed February 17, 
2019. 

5. “Creative Cloud Plans & Pricing,” Adobe, bitps:/Avww 
.adobe.com/creativecloud/plans.html?promoid= 
CJ132J/RDEmv=other, accessed February 17, 2019. 


6. “IaaS, PaaS, SaaS (Explained and Compared),” Atos, 
https://apprenda.com/library/paas/iaas-paas-saas- 
explained-compared/, accessed February 20, 2019. 

7. “Top Five Advantages of Software as a Service 
(Saas),” IBM, hitps:/Avww.ibm.com/blogs/cloud- 
computing/2013/09/18/top-five-advantages-of-software- 
as-a-service-saas/, accessed February 22, 2019. 

8. Maciej Duraj, “SaaS Business Models Analyzed,” 
Forbes, January 3, 2019, bttps://www,forbes.com/ 
sites/maciejduraj/2019/01/03/saas-business-models- 
analyzed/#6ef270822ab5, accessed February 16, 
2019. 

9. “An Overview of SaaS,” Digital Guide, bitps:/Avww.ionos 
.com/digitalguide/server/know-how/an-overview-of-saas- 
software-as-a-service/, accessed February 22, 2019. 

10. “Guidance on HIPAA & Cloud Computing,” HHS. 
gov, https:/jvww.hhs.gou/hipaa/for-professionals/ 
special-topics/cloud-computing/index.html, accessed 
February 23, 2019. 

11. Jessie Bur, “VA’s IT Leadership Problem Has Infected 
Modernization Efforts,” Federal Times, April 3, 2019, 
https://www federaltimes.com/it-networks/2019/04/03/ 
vas-it-leadership-problem-has-infected-modernization- 
efforts/. 

12. “Business Analyst Training | Onsite Business 
Courses,” Pierson Requirements Group, https://www 
.piersonrequirementsgroup.com, accessed April 27, 2019. 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


113). 


14. 


IS 


16. 


17 


18. 


19. 


20. 


21. 


22. 


23. 


24. 


25: 


26. 


27. 


28. 


29. 


Jasmine Lee, “AgTech Trends in 2019: Synthetic Biology, 
Precision Agriculture, and Millennial Farmers,” AgTech 
Trends in 2019, December 3, 2018, https,/Jearn 
.g2crowd.com/2019-agtech-trends. 

Robert N. Charette, “U.S. Coast Guard’s $67 Million EHR 
Fiasco,” bitps://spectrum.ieee.org/riskfactor/computing/ 
software/us-coast-guards-6 7-million-ehr-fiasco, 

March 8, 2018. 

“Early Intervention System,” Sierra-Cedar, https://www 
.sierra-cedar.com/wp-content/uploads/sites/12/2018/10/ 
OVER-EIS.pdf, accessed April 27, 2019. 

“Interagency Guidelines Establishing Information 
Security Standards,” Board of Governors of the Federal 
Reserve System, www,federalreserve.gou/bankinforeg/ 
interagencyguidelines.btm, accessed June 9, 2014. 
Brian Ward, “The Importance of Good Interface 
Design,” heehaw.digital (blog), February 27, 

2013, bitp://blog.heehaw.co.uk/2013/02/ 
the-importance-of-good-interface-design. 

Ben Shneiderman, and Catherine Plaisant, Designing the 
User Interface: Strategies for Effective Human-Computer 
Interaction, Fifth edition, 2009, Pearson: New York. 
Joshua Porter, “Principles of User Interface Design,” 
Bokardo (blog), http://bokardo.com/principles-of-user- 
interface-design/, accessed July 3, 2014. 

“RecoverPoint,” Dell EMC, www.emc.com/storage/ 
recoverpoint/recoverpoint.htm, accessed April 8, 2019. 
“SteelEye LifeKeeper,” SteelEye Technology, Inc., www 
.ha-cc.org/high_availability/components/application_ 
availability/cluster/high_availability_cluster/steeleye_ 
lifekeeper, accessed April 8, 2019. 

“Application Continuous Availability,” NeverFail, bttps:// 
neverfail.com/solutions/continuous-application- 
availability, accessed April 8, 2019. 

“Wells Fargo Reports $5.9 Billion in Quarterly Net 
Income; Diluted EPS of $1.20,” Wells Fargo, bttps:// 
wwwos.wellsfargomedia.com/assets/pdf/about/investor- 
relations/earnings/first-quarter-2019-earnings.pdf, 
accessed April 28, 2019. 

Will Hernandez, “Flaws in Testing May Be Real Source 
of Wells Fargo’s Tech Failure,” American Banker, 
February 8, 2019, https,/Awww.americanbanker.com/ 
news/flaws-in-testing-may-be-real-source-of-wells- 
Jargos-tech-failure. 

“CodeSmith Generator,” CodeSmith, www 
.codesmithtools.com/product/generator, accessed 

April 8, 2019. 

“Datalab Achieves Full Maximization in Credit Card 
Promotion and Advertising Campaigns,” Datalab, 
https://www.genexus.com/en/company/success-stories/ 
datalab, accessed April 27, 2019. 

“Dr.Explain Featured Reviews,” DREXPLAIN, www. 
drexplain.com/what-do-users-say, accessed April 8, 2019. 
“Surging Customer Demand Drives Cyxtera Data Center 
Expansion in Five Markets,” Cyxtera, March 11, 2019, 
https://www.cyxtera.com/news-events/press-releases/ 
surging-customer-demand-drives-cyxtera-data-center- 
expansion-in-five-markets. 

“Investor Relations,” dormakaba Group, https://www 
.dormakaba.com/en, accessed April 27, 2019. 


30. 


SIE 


32. 


36. 


37. 


38. 


39. 


40. 


41. 


42. 


43. 


44. 


45. 
46. 


CHAPTER 13 © System Acquisition and Development 559 


“Leading in Technology - dormakaba one of the Top 
100 Global Technology Leaders, According to Thomson 
Reuters,” dormakaba Group, bitps:/Avww.dormakaba 
.com/en/innovation/leading-in-technology---dormakaba- 
one-of-the-top-100-global-technology-leaders--according- 
to-thomson-reuters-642638, accessed April 27, 2019. 
“How Can Companies Digitize Their Security 

Systems?,” SAP, hitps./Jwww.sap.com/ 
documents/2018/01/22ac6 70d-ea 7c-0010-82c 7- 
eda71af511fa.btml, accessed April 27, 2019. 
“Certification due to single system,” dormakaba, 
bttps:,//www.dormakaba.com/en/products/electronic- 
access-data/success-story, accessed June 25, 2019. 


. “Accelerate Business Performance: Precise Application 


Performance Platform,” Idera, https:/jvwww.idera 
.com/application-performance-monitoring/relational- 
database-performance, accessed April 28, 2019. 


. “Hospital | Honeywell,” Honeywell, https://www. 


honeywell.com/bealthcare/hospital, accessed April 28, 
2019. 


. Olavrsud, Thor, “United goes digital to ease overbook- 


flight aggravation,” CIO, bitps:/Avww.cio.com/ 
article/3402696/united-goes-digital-to-ease-overbooked- 
Slight-aggravation.html, accessed June 17, 2019. 

“43% of Businesses Are Still Running Windows 7, 
Security Threats Remain,” Help Net Security, 
bittps://www.helpnetsecurity.com/2019/01/1 5/still- 
running-windows-7/, accessed April 28, 2019. 

“What is Agile?,” Agile Methodology, bitp:// 
agilemethodology.org, accessed April 8, 2019. 

“Core Scrum: What is Scrum?,” ScrumAlliance, www 
scrumalliance.org/scrum/media/ScrumAllianceMedia/ 
Files%20and%20PDFs/Learn%20About%20Scrum/Core- 
Scrum.pdf, accessed April 8, 2019. 

“Learn About Scrum?,” Scrum Alliance, www 
scrumalliance.org/why-scrum, accessed April 8, 2019. 
“Core Scrum: What is Scrum?,” ScrumAlliance, www 
scrumalliance.org/scrum/media/ScrumAllianceMedia/ 
Files%20and%20PDFs/Learn%20About%20Scrum/Core- 
Scrum.pdf, accessed April 26, 2016. 

“Scrum Methodology,” My PM Expert, bitp:// 
scrummethodology.com/, accessed August 3, 2014. www 
.my-project-management-expert.com/the-advantages- 
and-disadvantages-of-agile-software-development.html, 
accessed August 3, 2014. 

Susan De Sousa, “The Advantages and Disadvantages 
of Agile Development,” My PM Expert, www. 
my-project-management-expert.com/the-advantages- 
and-disadvantages-of-agile-software-development.html, 
accessed April 28, 2019. 

“Extreme Programming,” Extreme Programming, www 
.extremeprogramming.org/rules.biml, accessed April 28, 
2019. 

Ernest Mueller, “What is DevOps?,” the agile admin, 
January 12, 2019, bitps://theagileadmin.com/ 
what-is-devops/. 

Ibid. 

Christopher Null, “10 Companies Killing It at DevOps,”, 
TechBeacon, https://techbeacon.com/devops/10- 
companies-killing-it-devops, accessed April 28, 2019. 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


Glossary 


# 


5G (5th generation) The latest generation 
of mobile communications, featuring high 
data transfer speeds over high frequencies 
with minimal latency and requiring low 
energy. 


A 


acid properties Properties (atomicity, con- 
sistency, isolation, durability) that guarantee 
relational database transactions are pro- 
cessed reliably and ensure the integrity of 
data in the database. 


Agile development An iterative system 
development process that develops the 
system in “sprint” increments lasting from 
two weeks to two months. 


American Recovery and Reinvestment 
Act Title xiii Includes strong privacy provi- 
sions for electronic health records (EHRs), 
including banning the sale of health infor- 
mation, promoting the use of audit trails 
and encryption, providing rights of access 
for patients, and mandating that each indi- 
vidual whose health information has been 
exposed be notified within 60 days after 
discovery of a data breach. 


analytics The extensive use of data and 
quantitative analysis to support fact-based 
decision making within organizations. 


anonymous expression The expression of 
opinions by people who do not reveal their 
identity. 

antivirus software Should be installed on 
each user’s personal computer to scan a 
computer’s memory and disk drives regu- 
larly for viruses. 


application programming interfaces 
(APD A set of programming instructions 
and standards that enable one microservice 
to access and use the services of another 
microservice. 


application software Programs that help 
users solve particular computing problems. 


artificial intelligence (AI) The ability to 
mimic or duplicate the functions of the 
human brain. 


artificial intelligence (AI) system The 
people, procedures, hardware, software, 
data, and knowledge needed to develop 
computer systems and machines that can 
simulate human intelligence processes, 
including learning (the acquisition of 
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information and rules for using the infor- 
mation), reasoning (using rules to reach 
conclusions), and self-correction (using the 
outcome from one scenario to improve its 
performance on future scenarios). 


artificial neural network A computer sys- 
tem that can recognize and act on patterns 
or trends that it detects in large sets of data; 
developed to operate like the human brain. 


attack vector The technique used to 
gain unauthorized access to a device or a 
network. 


attribute A characteristic of an entity. 


augmented reality (AR) Vision system soft- 
ware that takes computer-generated images 

and superimposes them on a user’s view 

of the world through the use of specialized 

glasses or goggles. 


autonomic computing The ability of IT 
systems to manage themselves and adapt 
to changes in the computing environment, 
business policies, and operating objectives. 


B 


backward chaining A strategy used by the 
inference engine to determine how a deci- 
sion was made. 


backward compatibility The ability of 
current mainframes to run software created 
decades ago. 


batch processing system A form of data 
processing whereby business transactions 
are accumulated over a period of time and 
are processed as a single unit or batch. 


best practices The most efficient and effec- 
tive ways to complete a business process. 


big data The term used to describe data 
collections that are so enormous (terabytes 
or more) and complex (from sensor data 

to social media data) that traditional data 
management software, hardware, and anal- 
ysis processes are incapable of dealing with 
them. 


biometric authentication The process of 
verifying your identity using your physio- 
logical measurements (fingerprint, shape of 
your face, shape of your hand, vein pattern, 
your iris, or retina) or behavioral measure- 
ments (voice recognition, gait, gesture, or 
other unique behaviors). 


bioprinting The use of 3D printers to build 
human parts and organs from actual human 
cells. 


blade server A server that houses many 
individual computer motherboards that 
include one or more processors, computer 
memory, computer storage, and computer 
network connections. 


blog A Web site that people and businesses 
use to share their observations, experiences, 
and opinions on a wide range of topics. 


Bluetooth A wireless communications 
specification that describes how cell 
phones, computers, faxes, printers, and 
other electronic devices can be intercon- 
nected over distances of 10 to 30 feet at a 
rate of about 2 Mbps. 


botnet A large group of computers con- 
trolled from one or more remote locations 
by hackers without the knowledge or con- 
sent of their owners. 


brain computer interface (BCI) Technol- 
ogy that interacts with a human’s neural 
structure (brain) and translates the informa- 
tion (thoughts) into activity (actions). 


bring your own device (BYOD) A busi- 
ness policy that permits, and in some cases 
encourages, employees to use their own 
mobile devices (smartphones, tablets, or 
laptops) to access company computing 
resources and applications. 


bus A set of electronic circuits used to 
route data and instructions to and from the 
various components of a computer. 


bus network A network in which all net- 
work devices are connected to a common 
backbone that serves as a shared communi- 
cations medium. 


business continuity plan A document that 
includes an organization’s disaster recovery 
plan, occupant emergency evacuation plan, 
continuity of operations plan, and an inci- 
dent management plan. 


business intelligence (BD A wide range of 
applications, practices, and technologies for 
the extraction, transformation, integration, 
visualization, analysis, interpretation, and 
presentation of data to support improved 
decision making. 


business-to-consumer (B2C) e-commerce 
A form of e-commerce in which customers 
deal directly with an organization and avoid 
intermediaries. 


business-to-business (B2B) e-commerce A 
subset of e-commerce in which all the par- 
ticipants are organizations. 
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byte (b) Eight bits that together represent a 
single character of data. 


Cc 


cache memory A type of highspeed mem- 
ory that a processor can access more rap- 
idly than main memory. 


Cascading Style Sheet (CSS) A markup 
language for defining the visual design of a 
Web page or group of pages. 

certification A process for testing skills 
and knowledge. 


certificate authority (CA) A trusted third- 
party organization or company that issues 
digital certificates. 


change model A representation of change 
theories that identifies the phases of change 
and the best way to implement them. 


channel bandwidth The capacity of a com- 
munications channel to carry traffic, usu- 
ally measured in megabits bits per second 
(Gbps). 


Children’s Online Privacy Protection 

Act (COPPA) States that any Web site that 
caters to children must offer comprehensive 
privacy policies, notify parents or guard- 
ians about its data collection practices, and 
receive parental consent before collecting 
any personal information from children 
under 13 years of age. 


CIA security triad Confidentiality, integrity, 
and availability form the basis of the CIA 
security triad. 


client/server architecture This is a net- 
working approach wherein many clients 
(end-user computing devices) request 
and receive services from servers (host 
computers) on the network. 


clock speed A series of electronic pulses 
produced at a predetermined rate that 
affects machine cycle time. 


cloud computing A computing environ- 
ment where software and storage are 
provided as an Internet service and are 
accessed with a Web browser. 


cold site A computer environment that 
includes rooms, electrical service, telecom- 
munications links, data storage devices, and 
the like. 


communications management The gener- 
ation, collection, dissemination, and storage 
of project information in a timely and effec- 
tive manner. 


communications medium Any material 
substance that carries an electronic signal 
to support communications between a 
sending and a receiving device. 


compiler A special software program that 
converts the programmer’s source code into 
the machine-language instructions, which 
consist of binary digits. 


computer forensics A discipline that 
combines elements of law and computer 


science to identify, collect, examine, and 
preserve data from computer systems, net- 
works, and storage devices in a manner that 
preserves the integrity of the data gathered 
so that it is admissible as evidence in a 
court of law. 


computer graphics card A component of 
a computer that takes binary data from the 
CPU and translates it into an image you see 
on your display device. 


computer network The communications 
media, devices, and software connecting 
two or more computer systems or devices. 


computer-aided design (CAD) The use of 
software to assist in the creation, analysis, 
and modification of the design of a compo- 
nent or product. 


computer-aided engineering (CAE) The use 
of software to analyze the robustness and 
performance of components and assemblies. 


computer-aided manufacturing (CAM) 
The use of software to control machine 
tools and related machinery in the manu- 
facture of components and products. 


concurrency control A method of dealing 
with a situation in which two or more users 
or applications need to access the same 
record at the same time. 


consumer-to-consumer (C2C) e-commerce 
A subset of e-commerce that involves elec- 
tronic transactions between consumers 
using a third party to facilitate the process. 


content streaming A method for transfer- 
ring large media files over the Internet so 
that the data stream of voice and pictures 
plays more or less continuously as the file 
is being downloaded. 


continuous improvement A form of inno- 
vation that involves constantly seeking 
ways to improve business processes and 
add value to products and services. 


conversion funnel A graphical representa- 
tion that summarizes the steps a consumer 
takes in making the decision to buy your 
product and become a customer. 


coprocessor The part of the computer that 
speeds processing by executing specific 
types of instructions while the CPU works 
on another processing activity. 


core Receives instructions and performs 
calculations, or actions, based on those 
instructions. 


core competency Something that a firm 
can do well and that provides customer 
benefits, is hard for competitors to imitate, 
and can be leveraged widely to many prod- 
ucts and markets. 


core value A widely accepted principle that 
guides how people behave and make deci- 
sions in the organization. 


cost management A set of activities that 
includes the development and management 
of the project budget. 
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cost-reimbursable contract A contract that 
requires the buyer to pay the provider an 
amount that covers the provider’s actual 
costs plus an additional amount or percent- 
age for profit. 


critical path All project activities that, if 
delayed, would delay the entire project. 


Cross-Industry Process for Data Min- 

ing (CRISP-DM) A six-phase structured 
approach for the planning and execution of 
a data mining project. 


cryptocurrency A digital currency, such as 
Bitcoin, used for financial transactions. 


culture A set of major understandings and 
assumptions shared by a group, such as 
within an ethnic group or a country. 


customer relationship management 
(CRM) system A system that helps a 
company manage all aspects of customer 
encounters, including marketing, sales, 
distribution, accounting, and customer 
service. 


cutover The process of switching from an 
old information system to a replacement 
system. 


cyberespionage The deployment of 
malware that secretly steals data in the 
computer systems of organizations. 


cyberterrorism The intimidation of 
government or civilian population by 
using information technology to disable 
critical national infrastructure (e.g., energy, 
transportation, financial, law enforcement, 
emergency response) to achieve political, 
religious, or ideological goals. 


D 


data Raw facts such as an employee 
number or total hours worked in a 
week. 


data breach The unintended release of sen- 
sitive data or the access of sensitive data by 
unauthorized individuals. 


data center A climate-and-access-controlled 
building or a set of buildings that houses 
the computer hardware that delivers 

an organization’s data and information 
services. 


data cleansing The process of detecting 
and then correcting or deleting incomplete, 
incorrect, inaccurate, or irrelevant records 
that reside in a database. 


data collection Capturing and gathering all 
data necessary to complete the processing 
of transactions. 


data correction Reentering data that was 
not typed or scanned properly. 


data definition language (DDL) A collec- 
tion of instructions and commands used to 
define and describe data and relationships 
in a specific database. 


data dictionary A detailed description of 
the data stored in the database. 
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data editing Checking data for validity and 
completeness to detect any problems. 


data governance The core component 

of data management; it defines the roles, 
responsibilities, and processes for ensuring 
that data can be trusted and used by the 
entire organization, with people identified 
and in place who are responsible for fixing 
and preventing issues with data. 


data item The specific value of an 
attribute. 


data lake A “store everything” approach to 
big data that saves all the data in its raw 
and unaltered form. 


data lifecycle management (DLM) A policy- 
based approach to managing the flow of an 
enterprise’s data, from its initial acquisition 
or creation and storage to the time when it 
becomes outdated and is deleted. 


data management An integrated set of 
functions that defines the processes by 
which data is obtained, certified fit for use, 
stored, secured, and processed in such 

a way as to ensure that the accessibility, 
reliability, and timeliness of the data meet 
the needs of the data users within an 
organization. 


data manipulation language (DML) A 
specific language, provided with a DBMS, 
which allows users to access and modify 
the data, to make queries, and to generate 
reports. 


data mart A subset of a data warehouse 
that is used by small and medium-sized 
businesses and departments within large 
companies to support decision making. 


data mining A BI analytics tool used to 
explore large amounts of data for hidden 
patterns to predict future trends and 
behaviors for use in decision making. 


data normalization The process of 
organizing the data in a relational database 
to eliminate data redundancy (all data is 
stored in only one place) and ensure data 
dependencies make sense (only storing 
related data in a table). 


data processing Performing calculations 
and other data transformations related to 
business transactions. 


data scientist An individual who combines 
strong business acumen, a deep under- 
standing of analytics, and a healthy appre- 
ciation of the limitations of data, tools, and 
techniques to deliver real improvements in 
decision making. 


data steward An individual responsible for 
the management of critical data elements, 
including identifying and acquiring new 
data sources; creating and maintaining con- 
sistent reference data and master data defi- 
nitions; and analyzing data for quality and 
reconciling data issues. 


data storage Updating one or more data- 
bases with new transactions. 


data warehouse A large database that 
holds business information from many 
sources in the enterprise, covering all 
aspects of the company’s processes, prod- 
ucts, and customers. 


database A well-designed, organized, and 
carefully managed collection of data. 


database administrator (DBA) A skilled 
and trained IS professional who holds dis- 
cussions with business users to define their 
data needs; applies database programming 
languages to craft a set of databases to 
meet those needs; tests and evaluates data- 
bases; implements changes to improve the 
performance of databases; and assures that 
data is secure from unauthorized access. 


database approach to data management 
An approach to data management where 
multiple information systems share a pool 
of related data. 


database management system (DBMS) A 
group of programs used to access and man- 
age a database as well as provide an inter- 
face between the database and its users and 
other application programs. 


database as a service (DaaS) An arrange- 
ment where the database is stored on a ser- 
vice provider’s servers and accessed by the 
service subscriber over a network, typically 
the Internet, with the database administra- 
tion handled by the service provider. 


data-flow diagram (DFD) A diagram used 
during both the analysis and design phases 
to document the processes of the current 
system or to provide a model of a proposed 
new system. 


deep learning Allows programs to grow 
and learn from examples provided users, 
either typed or spoken. 


defamation The making of either an oral 
or a written statement of alleged fact that is 
false and that harms another person. 


Department of Homeland Security (DHS) 
A large federal agency with more than 
240,000 employees and a budget of almost 
$65 billion whose goal is to provide for a 
“safer, more secure America, which is resil- 
ient against terrorism and other potential 
threats.” 


descriptive analysis A preliminary data 
processing stage used to identify patterns in 
the data and answer questions about who, 
what, where, when, and to what extent. 


desktop computers A nonportable com- 
puter that fits on a desktop and can provide 
sufficient computing power, memory, and 
storage for most business computing tasks. 


development engine Engine that builds 
the sets of rules and processes used by AI 
systems. 


DevOps The practice of blending the 
tasks performed by the development and 
IT operations groups to enable faster and 
more reliable software releases. 


diffusion of information theory A theory 
developed by E.M. Rogers to explain how 
a new idea or product gains acceptance 
and diffuses (or spreads) through a specific 
population or subset of an organization. 


digital certificate An attachment to an 
email message or data embedded in a Web 
site that verifies the identity of a sender or 
Web site. 


direct conversion A cutover strategy that 
involves stopping the old system and start- 
ing the new system on a given date; also 
called plunge or direct cutover. 


disaster recovery plan A documented 
process for recovering an organization’s busi- 
ness information system assets—including 
hardware, software, data, networks, and 
facilities—in the event of a disaster such as a 
flood, fire, or electrical outage. 


discrete manufacturing The production of 
distinct items such as autos, airplanes, fur- 
niture, or toys that can be decomposed into 
their basic components. 


distributed denial-of-service (DDoS) 
attack A cyberattack in which a malicious 
hacker takes over computers via the Inter- 
net and causes them to flood a target site 
with demands for data and other small 
tasks. 


document production Generating output 
records, documents, and reports. 


domain The range of allowable values for a 
data attribute. 


domain expert The person or group with 
the expertise or knowledge the expert sys- 
tem is trying to capture (domain). 


domain name system A system that maps 
the name people use to locate a website 
to the IP address that a computer uses to 
locate a Web site. 


E 


economic feasibility The process of deter- 
mining whether the project makes financial 
sense and whether predicted benefits offset 
the cost and time needed to obtain them. 


e-discovery (electronic discovery) The 
process of identifying, collecting, and pro- 
ducing electronically stored information for 
use in legal cases. 


e-government (electronic government) 
The use of information and communica- 
tions technology to simplify the sharing of 
information, speed formerly paper-based 
processes, and improve the relationship 
between citizens and government. 


electronic cash An amount of money that 
is computerized, stored, and used as cash 
for e-commerce transactions. 


electronic exchange An electronic forum 
where manufacturers, suppliers, and com- 
petitors buy and sell goods, trade market 
information, and run back-office operations. 
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Electronic Product Environmental 
Assessment Tool (EPEAT) A system that 
enables purchasers to evaluate, compare, 
and select electronic products based on a 
total of 51 environmental criteria. 


encryption The process of scrambling mes- 
sages or data in such a way that only autho- 
rized parties can read it. 


encryption key A value that is applied 
(using an algorithm) to a set of unen- 
crypted text (plaintext) to produce 
encrypted text that appears as a series of 
seemingly random characters (ciphertext) 
that is unreadable by those without the 
encryption key needed to decipher it. 


end user license agreement (EULA) The 
legal agreement between the software man- 
ufacturer and the user of the software that 
stipulates the terms of usage. 


enterprise application Software used to 
meet organization-wide business needs 
and typically shares data with other 
enterprise applications used within the 
organization. 


enterprise data model A data model that 
identifies the data entities and data attri- 
butes of greatest interest to the organization 
along with their associated standard data 
definitions, data length and format, domain 
of valid values, and any business rules for 
their use. 


enterprise information system An infor- 
mation system that an organization uses 

to define structured interactions among 

its own employees and/or with external 
customers, suppliers, government agencies, 
and other business partners. 


enterprise system A system central to the 
organization that ensures information can 
be shared with authorized users across all 
business functions and at all levels of man- 
agement to support the running and man- 
aging of a business. 


entity A person, place, or thing for which 
data is collected, stored, and maintained. 


entity-relationship (ER) diagram A data 
model that uses basic graphical symbols to 
show the organization of and relationships 
between data. 


embedded system A computer system 
(including some sort of processor) that is 
implanted in and dedicated to the control 
of another device. 


ethics The set of principles about what 
is right and wrong that individuals use to 
make choices to guide their decisions. 


expert systems The decision-making com- 
puter systems in AI, designed to be the 
most advanced and most reliable in solving 
complex problems. 


explanation facility Component of an 
expert system that allows a user or decision 
maker to understand how the expert system 
arrived at certain conclusions or results. 


exploit An attack on an information system 
that takes advantage of a particular system 
vulnerability. 


Extensible Markup Language (XML) The 
markup language designed to transport and 
store data on the Web. 


Extract Transform Load (ETL) process A 
data handling process that takes data from 
a variety of sources, edits and transforms 
it into the format used in the data ware- 
house, and then loads this data into the 
warehouse. 


extranet A network built using Web tech- 
nologies that links selected resources of the 
intranet of a company with its customers, 
suppliers, or other business partners. 


extreme programming (XP) A form of 
Agile software development that promotes 
incremental development of a system using 
short development cycles to improve pro- 
ductivity and to accommodate new cus- 
tomer requirements. 


F 


failover A backup technique that involves 
automatically switching applications and 
programs to a redundant or replicated 
server, network, or database to prevent 
interruption of service. 


Fair and Accurate Credit Transactions Act 
Allows consumers to request and obtain 

a free credit report once each year from 
each of the three primary consumer credit 
reporting companies (Equifax, Experian, 
and TransUnion). 


Fair Credit Reporting Act Regulates the 
operations of credit-reporting bureaus, 
including how they collect, store, and use 
credit information. 


fair information practices A term for a set 
of guidelines that govern the collection and 
use of personal data. 


fake news A false story that is presented 
as being factually accurate and appears to 
be news. 


Family Educational Rights and Privacy 
Act (FERPA) Assigns certain rights to par- 
ents regarding their children’s educational 
records. 


feasibility analysis An assessment of the 
technical, economic, legal, operational, and 
schedule feasibility of a project. 


file A collection of similar entities. 


firewall A system of software, hardware, 
or a combination of both that stands guard 
between an organization’s internal net- 
work and the Internet, and limits network 
access based on the organization’s access 
policy. 

First Amendment Protects Americans’ 
rights to freedom of religion, freedom 

of expression, and freedom to assemble 
peaceably. 
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fixed-price contract A contract in which 
the buyer and provider agree to a total 
fixed price for a well-defined product or 
service. 


foreign key An attribute in one table that 
refers to the primary key in another table. 


forming-storming-norming performing 
adjourning model A model that describes 
how teams develop and evolve. 


forward chaining A strategy used by the 
inference engine to process data using a set 
of known facts to make decisions. 


four tiers of data center classification A 
system that enables organizations to quan- 
tify and qualify their ability to provide a 
predictable level of performance. 

Fourth Amendment Protects us from ille- 
gal searches and seizures. 


functional decomposition A technique 
that involves breaking down complex prob- 
lems or systems into smaller parts, making 
them easier to manage and understand. 


G 


Gantt chart A graphical tool used for plan- 
ning, monitoring, and coordinating projects; 
it is essentially a grid drawn on a timescale 
that lists activities and deadlines. 


General Data Protection Regulation 
(GDPR) A set of data privacy requirements 
that apply across the European Union and 
apply as well to organizations that market 
to or process information of EU end users, 
customers, or employees. 


genetic algorithm An approach to solving 
problems based on the theory of evolution; 
uses the concept of survival of the fittest to 
find approximate solutions to optimization 
and search problems. 


gigahertz (GHz) A unit of frequency that 
is equal to one billion cycles per second; a 
measure of clock speed. 


goal A specific result that must be achieved 
to reach an objective. 


goals-based strategic planning A mul- 
tiphase strategic planning process that 
involves analyzing an organization and its 
environment, defining strategies, and exe- 
cuting initiatives to help an organization 
meet its long-term goals and objectives. 


graphics processing unit (GPU) A power- 
ful processing chip that renders images on 
the screen display. 


green computing Concerned with the 
efficient and environmentally responsi- 
ble design, manufacture, operation, and 
disposal of IT-related products, includ- 
ing all types of computing devices (from 
smartphones to supercomputers), printers, 
printer materials such as cartridges and 
toner, and storage devices. 


grid computing The use of a collection 
of computers, often owned by multiple 
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individuals or organizations, that work in 
a coordinated manner to solve a common 
problem. 


H 


Hadoop An open-source software frame- 
work including several software modules 
that provide a means for storing and pro- 
cessing extremely large data sets. 


Hadoop Distributed File System (HDFS) 
A system used for data storage that 
divides the data into subsets and distrib- 
utes the subsets onto different servers for 
processing. 


hard disk drive (HDD) A direct access 
storage device used to store and retrieve 
data from rapidly rotating disks coated with 
magnetic material. 


hate speech Persistent or malicious harass- 
ment aimed at a specific person. 


hybrid cloud computing environment A 
cloud computing environment is composed 
of both private and public clouds integrated 
through networking. 


Health Insurance Portability and 
Accountability Act (HIPAA) (Public 
Law 104-191) Requires health care 
organizations to employ standardized 
electronic transactions, codes, and 
identifiers to enable them to fully digitize 
medical records, thus making it possible 
to exchange medical data over the 
Internet. 


heuristics A trial-and-error method of 
problem solving used when an algorith- 
mic or mathematical approach is not 
practical. 


high-quality software systems Systems 
that are easy to learn and use because they 
perform quickly and efficiently; they meet 
their users’ needs; and they operate safely 
and reliably so that system downtime is 
kept to a minimum. 


hot site A duplicate, operational hardware 
system that is ready for use (or immedi- 
ate access to one through a specialized 
vendor). 


HTML tag A code that tells the Web 
browser how to format text—as a heading, 
as a list, or as body text—and whether 
images, sound, and other elements should 
be inserted. 


hyperlink Highlighted text or graphics 
in a Web document that, when clicked, 
opens a new Web page containing related 
content. 


Hypertext Markup Language (HTML) The 
standard page description language for Web 
pages. 

hypervisor A virtual server program that 
controls the host processor and resources, 
allocates the necessary resources to each 
virtual system, and ensures that they do not 
disrupt each other. 


I 


identity theft The use of someone’s per- 
sonal identification information without his 
or her permission, often to commit fraud or 
other crimes. 


if-then statements A rule that suggests cer- 
tain conclusions. 


inference engine Part of the expert system 
that seeks information and relationships 
from the knowledge base and provides 
answers, predictions, and suggestions, often 
taking the place of the human experts. 


information A collection of data organized 
and processed so that it has additional 
value beyond the value of the individual 
facts. 


information system A set of interrelated 
components that work together to support 
fundamental business operations, data 
reporting and visualization, data analysis, 
decision making, communications, and 
coordination within an organization. 


infrastructure as a service (IaaS) An 
information systems model in which an 
organization outsources the equipment 
used to support its data processing oper- 
ations, including servers, storage devices, 
and networking components. 


in-memory database (IMDB) A database 
management system that stores the entire 
database in random access memory (RAM). 


innovation The application of new ideas to 
the products, processes, and activities of a 
firm, leading to increased value. 


input/output devices A computer compo- 
nent that provides data and instructions to 
the computer and receives results from it. 


installation The process of physically plac- 
ing the computer equipment on the site 
and making it operational. 


instant messaging The online, real-time 
communication between two or more peo- 
ple who are connected via the Internet. 


intangible benefit A benefit that cannot 
directly be measured and cannot easily be 
quantified in monetary terms. 


integrated circuit (IC) A set of electronic 
circuits on one small piece of semiconduc- 
tor material, normally silicon. 


integration testing Testing that involves 
linking all the individual components 
together and testing them as a group 

to uncover any defects in the interfaces 
between individual components. 


intelligent agent Programs and a knowl- 
edge base used to perform a specific task 
for a person, a process, or another program; 
also called an intelligent robot or bot. 


intelligent behavior The ability to learn 
from experiences and apply knowledge 
acquired from those experiences; to han- 
dle complex situations; to solve problems 
when important information is missing; to 


determine what is important and to react 
quickly and correctly to a new situation; 
to understand visual images, process and 
manipulate symbols, and be creative and 
imaginative; and to use heuristics. 


Internet backbone One of the Internet’s 
high-speed, long-distance communications 
links. 


Internet censorship The control or sup- 
pression of the publishing or accessing of 
information on the Internet. 


Internet filter Software that can be used 
to block access to certain websites that 
contain material deemed inappropriate or 
offensive. 


Internet service provider (ISP) Any orga- 
nization that provides Internet access to 
people. 


interorganizational IS An information sys- 
tem that enables sharing of information and 
conducting business electronically across 
organizational boundaries. 


intranet An internal corporate network 
built using Internet and World Wide Web 
standards and products. 


intrusion detection system (IDS) Soft- 
ware and/or hardware that monitors system 
and network resources and activities and 
notifies network security personnel when 

it detects network traffic that attempts to 
circumvent the security measures of a net- 
worked computer environment. 


IP address A 64-bit number that identifies 
a computer on the Internet. 


issues-based strategic planning A strate- 
gic planning process that begins by iden- 
tifying and analyzing key issues facing the 
organization, setting strategies to address 
those issues, and identifying projects and 
initiatives that are consistent with those 
strategies. 


J 


joining The combining of two or more 
tables through common data attributes to 
form a new table with only the unique data 
attributes. 


joint application development (JAD) 

A structured meeting process that can 
accelerate and improve the efficiency and 
effectiveness of the investigation, analysis, 
and design phases of a system development 
project. 


K 


kernel The heart of the operating system 
that controls the most critical processes of 
the OS. 


knowledge The awareness and 
understanding of a set of information and 
the ways that information can be made 
useful to support a specific task or reach a 
decision. 
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knowledge acquisition facility Part of the 
expert system that provides a convenient 
and efficient means of capturing and stor- 
ing all the components of the knowledge 
base. 


knowledge base A component of an expert 
system that stores all relevant information, 
data, rules, cases and relationships used by 
the expert system. 


knowledge engineer A person who has 
training or experience in the design, devel- 
opment, implementation, and maintenance 
of an expert system. 


knowledge user The person or group who 
uses and benefits from the expert system. 


L 


laptop A personal computer designed for 
use by mobile users, being small and light 
enough to sit comfortably on a user’s lap. 


Leavitt’s Diamond A model that states an 
organization’s information systems operate 
within a context of people, technology 
infrastructure, processes, and structure. 


legal feasibility The process of determin- 
ing whether laws or regulations may pre- 
vent or limit a system development project. 


linear programming A technique for find- 
ing the optimum value (largest or smallest, 
depending on the problem) of a linear 
expression (called the objective function) 
that is calculated based on the value of a 
set of decision variables that are subject to 
a set of constraints. 


local area network (LAN) A network that 
connects computer systems and devices 
within a small area, such as an office, 
home, or several floors in a building. 


Long Term Evolution (LTE) A standard for 
wireless communications for mobile phones 
based on packet switching. 


M 


machine learning The ability of a com- 
puter to learn without having a program- 
mer change the software for every scenario 
it encounters. 


magnetic tape A type of sequential second- 
ary storage medium, now used primarily for 
storing backups of critical organizational 
data in the event of a disaster. 


main memory The component of a com- 
puter that provides the CPU with a working 
storage area for program instructions and 
data. 


managed security service provider 
(MSSP) A company that monitors, manages, 
and maintains computer and network secu- 
rity for other organizations. 


mainframe computer A large, powerful 
computer often shared by hundreds of 
concurrent users connected to the machine 
over a network. 


make-or-buy decision The act of compar- 
ing the pros and cons of in-house produc- 
tion versus outsourcing of a given product 
or service. 


MapReduce program A composite pro- 
gram that consists of a Map procedure 
that performs filtering and sorting and a 
Reduce method that performs a summary 
operation. 


market segmentation The identification 
of specific markets to target them with tai- 
lored advertising messages. 


massively parallel processing systems A 
system that speeds processing by linking 
hundreds or thousands of processors to 
operate at the same time, or in parallel, 
with each processor having its own bus, 
memory, disks, copy of the operating sys- 
tem, and applications. 


memory A component of the computer 
that provides the processor with a working 
storage area to hold program instructions 
and data. 


mesh network A network that uses multi- 
ple access points to link a series of devices 
that speak to each other to form a network 
connection across a large area. 


metropolitan area network (MAN) A 
network that connects users and their com- 
puters in a geographical area that spans a 
campus or city. 


Michael Porter’s Five Forces Model A 
model that identifies the bargaining power 
of suppliers and buyers, the threat of new 
entrants and substitute products, and the 
existing industry competitors, which deter- 
mine the level of competition and long-term 
profitability of an industry. 


middleware Software that allows various 
systems to communicate and exchange 
data. 


mission statement A statement that con- 
cisely defines an organization’s fundamental 
purpose for existing. 


mission-critical process A process that 
plays a pivotal role in an organization’s con- 
tinued operations and goal attainment. 


mobile device management (MDM) soft- 
ware Software that manages and trouble- 
shoots mobile devices remotely, pushing 
out applications, data, patches, and settings 
while enforcing group policies for security. 


monitoring The process of measuring sys- 
tem performance by tracking the number 
of errors encountered, the amount of mem- 
ory required, the amount of processing or 
CPU time needed, and other performance 
indicators. 


Monte Carlo simulation A simulation that 
enables you to see a spectrum of thousands 
of possible outcomes, considering not only 
the many variables involved, but also the 
range of potential values for each of those 
variables. 


GLOSSARY 565 


multicore processor A processor that has 
two or more independent processing units, 
called cores, that are capable of sequencing 
and executing instructions. 


multiprocessing The simultaneous execu- 
tion of two or more instructions at the same 
time. 


N 


natural language processing (NLP) The 
part of machine language that allows 
computers to understand, analyze, manip- 
ulate, and generate natural language for 
processing. 


near field communication (NFC) A very 
short-range wireless connectivity technology 
that enables two devices placed within a 
few inches of each other to exchange data. 


nettop computers A very small, inexpen- 
sive desktop computer typically used for 
Internet access, email, accessing Web-based 
applications, document processing, and 
audio/video playback. 


network latency A measurement of how 
long it takes for a unit of data to get to its 
destination and back again. 


network-management software Software 
that enables a manager on a networked 
desktop to monitor the use of individual 
computers and shared hardware (such as 
printers), scan for viruses, and ensure com- 
pliance with software licenses. 


network operating system (NOS) Systems 
software that controls the computer systems 
and devices on a network and allows them 
to communicate with each other. 


network topology The shape or structure 
of a network, including the arrangement 
of the communication links and hardware 
devices on the network. 


next-generation firewall (NGFW) A 
hardware- or software-based network 
security system that can detect and block 
sophisticated attacks by filtering network 
traffic dependent on the packet contents. 


NoSQL database A way to store and retrieve 
data that is modeled using some means 
other than the simple two-dimensional tabu- 
lar relations used in relational databases. 


oO 


objective A statement of a compelling busi- 
ness need that an organization must meet 
to achieve its vision and mission. 


off-the-shelf software Software produced 
by software vendors to address needs that 
are common across businesses, organiza- 
tions, or individuals. 


omnichannel An integrated strategy for 
engaging customers (and potential custom- 
ers) across multiple platforms and channels 
of communication to provide a seamless 
experience. 
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online transaction processing (OLTP) A 
form of data processing where each trans- 
action is processed immediately without 
the delay of accumulating transactions into 
a batch. 


open-source software Software that is dis- 
tributed, typically for free, with the source 
code also available so that it can be studied, 
changed, and improved by its users. 


operating system (OS) A set of computer 

programs that controls the computer hard- 

ware and acts as an interface to application 
software. 


operational feasibility The process of 
determining how a system will be accepted 
by people and how well it will meet various 
system performance expectations. 


optical character recognition (OCR) 
Technology that distinguishes printed or 
handwritten text in a digital image, such 
as a scanned document, that is converted 
into a computer-generated document, such 
as a PDF. 


organic strategic planning A strategic 
planning process that defines the organiza- 
tion’s vision and values and then identifies 
projects and initiatives to achieve the vision 
while adhering to the values. 


organizational change The way in which 
for-profit and nonprofit organizations plan 
for, implement, and handle change. 


organizational culture The major under- 
standings and assumptions for a business, 
corporation, or other organization. 


P 


Pareto principle An observation that for 
many events, roughly 80 percent of the 
effects come from 20 percent of the causes. 


parallel processing The simultaneous exe- 
cution of the same task on multiple proces- 
sors to obtain results faster. 


parallel start-up A cutover strategy that 
involves running both the old and new 
systems for a set period of time and closely 
comparing the output of the new system 
with the output of the old system; any 
differences are reconciled. When users are 
comfortable that the new system is working 
correctly, the old system is eliminated. 


patch A minor system change to correct a 
problem or make a small enhancement; it is 
usually an addition to an existing program. 


perceptive system A system that approx- 
imates the way a person sees, hears, and 
feels objects. 


performance evaluation test A comparison 
of vendor options conducted in a comput- 
ing environment (e.g., computing hardware, 
operating system software, database man- 
agement system) and with a workload (e.g., 
number of concurrent users, database size, 
and number of transactions) that matches 
its intended operating conditions. 


perpetual license A license provided for 
one installation, with new software editions 
requiring new licenses; usually purchased 
by the bundle, called seats, and loaded on 
individual computers. 


personal area network (PAN) A network 
that supports the interconnection of infor- 
mation technology devices close to one 
person. 


personal information system An informa- 
tion system that improves the productivity 
of individual users in performing stand- 
alone tasks. 


personalization The process of tailoring 
Web pages to specifically target individual 
consumers. 


phase-in approach A cutover strategy that 
involves slowly replacing components of 
the old system with those of the new one; 
this process is repeated for each applica- 
tion until the new system is running every 
application and performing as expected; it 
is also called a piecemeal approach. 


pilot start-up A cutover strategy that 
involves running the complete new system 
for one group of users rather than for all 
users. 


platform as a service (PaaS) An informa- 
tion systems model in which users are pro- 
vided with a computing platform, typically 
including operating system, programming 
language execution environment, database 
services, and Web server. 


podcast An audio broadcast you can listen 
to over the Internet. 


portable computers A computer small 
enough to carry easily. 


predecessor task A task that must be com- 
pleted before a later task can begin. 


predictive analytics A set of techniques 
used to analyze current data to identify 
future probabilities and trends, as well 
make predictions about the future. 


primary key An attribute or set of attri- 
butes that uniquely identifies the record. 


private cloud computing environment A 
single-tenant cloud. 


problem statement A clear, concise 
description of the issue that needs to be 
addressed. 


procedure A set of steps that need to be 
followed to achieve a specific end result, 
such as entering a customer order, paying 
a supplier invoice, or requesting a current 
inventory report. 


process A structured set of related activities 
that takes input, adds value, and creates an 
output for the customer of that process. 


process manufacturing The production of 
products—such as soda, laundry detergent, 
gasoline, and pharmaceutical drugs—that 
are the result of a chemical process; these 
products cannot be easily decomposed into 
their basic components. 


procurement management A set of activi- 
ties related to the acquisition of goods and/ 
or services for the project from sources out- 
side the performing organization. 


product backlog A prioritized list of 
project requirements created by the 
stakeholders and project team members; 
from this list, the team selects the highest 
priorities. 

product lifecycle management (PLM) An 
enterprise business strategy that creates a 
common repository of product information 
and processes to support the collaborative 
creation, management, dissemination, and 
use of product and packaging definition 
information. 


product lifecycle management (PLM) 
software Software that provides a means 
for managing the data and processes associ- 
ated with the various phases of the product 
lifecycle, including sales and marketing, 
research and development, concept devel- 
opment, product design, prototyping and 
testing, process design, production and 
assembly, delivery and product installation, 
service and support, and product retirement 
and replacement. 


product owner A person who represents 
the project stakeholders and is responsible 
for communicating and aligning project pri- 
orities between the stakeholders and devel- 
opment team. 


professional code of ethics A statement of 
the principles and core values that that an 
organization wishes to develop in its lead- 
ers and members. 


programming languages Sets of key- 
words, commands, symbols, and rules 

for constructing statements by which 
humans can communicate instructions to a 
computer. 


project A temporary endeavor that creates 
an actionable plan, allowing organizations 
to achieve their goals and objectives—often 
the creation of a unique product, service, 
or result. 


project champion A well-respected man- 
ager with a passion to see a project succeed 
and who removes barriers to the success of 
the project. 


project deadline The date the entire proj- 
ect should be completed and operational— 
when the organization can expect to begin 
to reap the benefits of the project. 


project integration management The 
coordination of all appropriate people, 
resources, plans, knowledge, and efforts to 
complete a project successfully. 


project management The application of 
knowledge, skills, and techniques to project 
activities to meet project requirements. 


project milestone A critical date for com- 
pleting a major part of the project, such as 
program design, coding, testing, and release 
(for a programming project). 
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project resource management A set of 
activities designed to identify, acquire, and 
manage resources for a project. 


project risk An uncertain event or con- 
dition that, if it occurs, has a positive or a 
negative effect on a project objective. 


project schedule A plan that identifies 
the project activities that must be com- 
pleted, the expected start and end dates, 
and what resources are assigned to each 
task. 


project scope A definition of which tasks 
are and which tasks are not included in a 
project. 


project sponsor A senior manager from the 
business unit most affected by a project and 
who ensures the project will indeed meet 
the needs of his or her organization. 


project stakeholders The people involved 
in the project or those affected by its 
outcome. 


project steering team A group of senior 
managers representing the business and IS 
organizations that provide guidance and 
support to a project. 


projecting Manipulating data to eliminate 
columns in a table. 


proprietary software One-of-a-kind soft- 
ware designed for a specific application and 
for an individual company, organization, or 
person that uses it. 


public cloud computing environment A 
computing environment in which a service 
provider organization owns and manages 
the infrastructure (including computing, 
networking, storage devices, and support 
personnel) with cloud user organizations 
(called tenants) accessing slices of shared 
resources via the Internet. 


Q 


quality The degree to which a project 
meets the needs of its users. 


quality assurance The evaluation of the 
progress of the project on an ongoing basis 
to ensure that it meets the identified quality 
standards. 


quality control The checking of project 
results to ensure that they meet identified 
quality standards. 


quality management A set of activities 
designed to ensure that a project will meet 
the needs for which it was undertaken. 


quality planning The determination of 
which quality standards are relevant to the 
project and determining how they will be 
met. 


R 


radio frequency identification (RFID) A 
technology that employs a microchip with 
an antenna to broadcast its unique identi- 
fier and location to receivers. 


random access memory (RAM) A form of 
memory in which instructions or data can 
be temporarily stored. 


ransomware Malware that stops you from 
using your computer or accessing your data 
until you meet certain demands. 


read-only memory (rom) A nonvolatile 
form of memory. 


reasonable assurance The recognition 
that managers must use their judgment to 
ensure that the cost of control does not 
exceed the system’s benefits or the risks 
involved. 


record A collection of attributes about a 
specific entity. 

redundant array of independent/ 
inexpensive disks (RAID) A method of 
storing data that generates extra bits of 
data from existing data, allowing the sys- 
tem to create a “reconstruction map” so 
that if a hard drive fails, the system can 
rebuild lost data. 


reengineering (process redesign/ 
business process reengineering [BPR]) 
The radical redesign of business processes, 
organizational structures, information sys- 
tems, and values of the organization to 
achieve a breakthrough in business results. 


regression analysis A method for deter- 
mining the relationship between a depen- 
dent variable and one or more independent 
variables. 


reinforced learning Machine learning 
using trial and error on an unlabeled data 
set. Learning is gained through positive and 
negative feedback. 


relational database model A simple but 
highly useful way to organize data into 
collections of two-dimensional tables called 
relations. 


release A significant program change that 
often requires changes in the documenta- 
tion of the software. 


request for information (RFI) A document 
that outlines an organization’s hardware 

or software needs and requests informa- 
tion from vendors about if and how they 
can meet those needs and the time and 
resources required. 


Right to Financial Privacy Act Protects the 
records of financial institutions’ customers 
from unauthorized scrutiny by the federal 
government. 


risk assessment The process of assessing 
security-related risks to an organization’s 
computers and networks from both internal 
and external threats. 


risk management A deliberate and system- 
atic process designed to identify, analyze, 
and manage project risks. 


risk owner The individual responsible for 
developing a risk management strategy and 
monitoring the project to determine if the 
risk is about to occur or has occurred. 
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robotics Technology using a combination 
of mechanical engineering, computer sci- 
ence, and machine learning to create a 
device that can perform tasks with a high 
degree of precision. 


router A network device that directs data 
packets to other networks until each packet 
reaches its destination. 


rule A conditional statement that links con- 
ditions to actions or outcomes. 


S 


safety-critical system A system whose fail- 
ure may cause human injury or death. 


scalability The ability to increase the pro- 
cessing capability of a computer system 
so that it can handle more users, more 
data, or more transactions in a given 
period. 


schedule feasibility The process of deter- 
mining whether the project can be com- 
pleted within a desired time frame. 


schedule management A set of activities 
that includes defining an achievable com- 
pletion date that is acceptable to the project 
stakeholders, developing a workable project 
schedule, and ensuring the timely comple- 
tion of the project. 


scenario analysis A process for predicting 
future values based on certain potential 
events. 


schema A description that defines the log- 
ical and physical structure of the database 
by identifying the tables, the attributes in 
each table, and the relationships between 
attributes and tables. 


scope management A set of activities that 
include defining the work that must be 
done as part of a project and then con- 
trolling the work to stay within the agreed- 
upon scope. 


Scrum An Agile development framework 
that emphasizes a team-based approach 
in order to keep the development effort 
focused and moving quickly. 


Scrum master The person who coordinates 
all the Scrum activities of a team. 


search engine A valuable tool that enables 
you to find information on the Web by 
specifying words that are key to a topic of 
interest, known as keywords. 


search engine optimization (SEO) A 
process for driving traffic to a Web site by 
using techniques that improve the site’s 
ranking in search results. 


secondary storage A device that stores 
large amounts of data, instructions, and 
information more permanently than 
allowed with main memory. 


Section 230 of the CDA Provides immu- 
nity to an Internet service provider (ISP) 
that publishes user-generated content, pro- 
vided its actions do not rise to the level of a 
content provider. 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203 


Copyright 2021 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). 
Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. 


568 GLOSSARY 


security audit A process that enables the 
organization to identify its potential threats, 
establish a benchmark of where it is, deter- 
mine where it needs to be, and develop a 
plan to meet those needs. 


security policy Defines an organization’s 
security requirements, as well as the con- 
trols and sanctions needed to meet those 
requirements. 


self-service analytics Training, techniques, 
and processes that empower end users to 
work independently to access data from 
approved sources to perform their own 
analyses using an endorsed set of tools. 


selecting Manipulating data to eliminate 
rows according to certain criteria. 


semiconductor fabrication plant A factory 
where integrated circuits are manufactured; 
also called a fab or a foundry. 


semi-supervised learning Machine learn- 
ing using a combination of supervised and 
unsupervised learning techniques. 


server A computer employed by many 
users to perform a specific task, such as 
running network or Internet applications. 


server farm A facility that houses a large 
number of servers in the same room, where 
access to the machines can be controlled 
and authorized support personnel can more 
easily manage and maintain the servers. 


server virtualization A method of logically 
dividing the resources of a single physical 
server to create multiple logical servers, 
each acting as its own dedicated machine. 


service-oriented architecture (SOA) A 
software design approach based on the use 
of discrete pieces of software (modules) 

to provide specific functions as services to 
other applications. 


shadow IT The information systems and 
solutions built and deployed by depart- 
ments other than the information systems 
department. 


site preparation Preparation of the loca- 
tion of a new system. 


slack time The amount of time an activity 
can be delayed without delaying the entire 
project. 


slipstream upgrade A minor system 
upgrade—typically a code adjustment or 
minor bug fix; it usually requires recom- 
piling all the code, and in so doing, it can 
create entirely new bugs. 


smart city Cities that make use of data 
from sensors combined with artificial intel- 
ligence to improve infrastructure and effi- 
ciently manage traffic lights, power plants, 
water supplies, networks, energy usage, 
and other resources. 


soft side of implementing change The 
work designed to help employees embrace 
a new information system and way of 
working. 


software defect Any error that, if not 
removed, could cause a software system to 
fail to meet its users’ needs or open a door 
for a cyberattacker. 


software as a service (SaaS) A software 
distribution model under which a third- 
party provider hosts applications and 
makes them available to subscribers over 
the Internet. 


software suite A collection of programs 
packaged together and sold in a bundle. 


software-defined networking (SDN) An 
emerging approach to networking that 
allows network administrators to have pro- 
grammable central control of the network 
via a controller without requiring physical 
access to all the network devices. 


solid state storage device (SSD) A storage 
device that stores data in memory chips 
rather than on hard disk drives or optical 
media. 


source data automation Capturing data at 
its source and recording it accurately in a 

timely fashion, with minimal manual effort 
and in an electronic or digital form so that 


it can be directly entered into the computer. 


sponsoring business unit The business 
unit most affected by the project and the 
one whose budget will cover the project 
costs. 


SQL A special-purpose programing lan- 
guage for accessing and manipulating data 
stored in a relational database. 


stakeholder management A set of activ- 
ities that involves identifying, engaging, 
communicating with all the people, groups, 
or organizations who are or could be 
impacted by a project. 

star network A network in which all 
network devices connect to one another 


through a single central device called the 
hub node. 


storefront broker A company that acts as 
an intermediary between your Web site and 
online merchants who have the products 
and retail expertise. 


strategic planning A process that helps 
managers identify desired outcomes and 
formulate feasible plans to achieve their 
objectives by using available resources and 
capabilities. 

strategy A plan that describes how an 


organization will achieve its vision, mission, 
objectives, and goals. 


streaming A form of data collection, where 
data is available through a continuous feed. 


Strengths, Weaknesses, Opportunities, 
Threats (SWOT) matrix A simple way 
to illustrate what a company is doing 
well, where it can improve, what oppor- 
tunities are available, and what environ- 
mental factors threaten the future of the 
organization. 


structure A definition of the relationships 
among the members of an organization 
including their roles, responsibilities, and 
lines of authority necessary to complete 
various activities. 


subject matter expert someone who pro- 
vides knowledge and expertise in a particu- 
lar aspect important to the project. 


supercomputers One of the most 
powerful computer systems with the 
fastest processing speeds. 


supervised learning Machine learning 
using a labeled data set and examples 
to produce output that is compared to a 
predefined correct output. 


supply chain A key value chain whose 
primary processes include inbound 
logistics, operations, outbound logistics, 
marketing and sales, and service. 


supply chain management (SCM) A sys- 
tem that includes planning, executing, and 
controlling all activities involved in raw 
material sourcing and procurement, the 
conversion of raw materials to finished 
products, and the warehousing and delivery 
of finished products to customers. 


switch is a network device that keeps a 
record of the MAC (Media Access Control) 
address of all the devices connected to it 
and uses this information to determine 

to which port a frame of data should be 
directed. 


system analysis The phase of system 
development that focuses on gathering 
data on the existing system, determining 
the requirements for the new system, 
considering alternatives within identified 
constraints, and investigating the feasibility 
of alternative solutions. 


system construction The phase of system 
development that converts the system 
design into an operational system by 
acquiring and installing hardware and 
software, coding and testing software 
programs, creating and loading data into 
databases, and performing initial program 
testing. 


system development The set of activities 
involved in building information systems to 
meet users’ needs. 


system design The stage of system 
development that answers the question, 
“How will the information system solve a 
problem?” 


system disposal A stage of system 
development that involves those activi- 
ties that ensure the orderly dissolution 

of the system, including disposing of all 
equipment in an environmentally friendly 
manner, closing out contracts, and safely 
migrating information from the system to 
another system or archiving it in accor- 
dance with applicable records manage- 
ment policies. 
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system investigation The initial phase in 
the development of a new or modified busi- 
ness information system whose purpose is 
to gain a clear understanding of the specif- 
ics of the problem to solve or the opportu- 
nity to address. 


system investigation report A summary of 
the results of the system investigation, with 
a recommendation of a course of action. 


system maintenance A stage of systems 
development that involves changing and 
enhancing the system to make it more useful 
in achieving user and organizational goals. 


system operation The use of a new or 
modified system under all kinds of operat- 
ing conditions. 


system review The process of analyzing 
a system to make sure it is operating as 
intended. 


system software Software that includes 
operating systems, utilities, and middleware 
that coordinate the activities and func- 
tions of the hardware and other programs 
throughout the computer system. 


system testing Testing the complete, inte- 
grated system (hardware, software, data- 
bases, people, and procedures) to validate 
that the information system meets all speci- 
fied requirements. 


T 


tablet A portable, lightweight computer 
with no keyboard that allows you to roam 
the office, home, or factory floor carrying 
the device like a clipboard. 


tangible benefit A benefit that can be 
measured directly and assigned a monetary 
value. 


technical documentation Written details 
used by computer operators to execute the 
program and by analysts and programmers 
to solve problems or modify the program. 


technical feasibility The process of deter- 
mining whether a project is feasible within 
the current limits of available technology. 


technical resource A subject matter expert 
in an IS topic of value to the project. 


technology acceptance model (TAM) A 
model that specifies the factors that can 
lead to better attitudes about an informa- 
tion system, along with higher acceptance 
and usage of it. 


technology infrastructure All the hard- 
ware, software, databases, networks, facil- 
ities, and services used to develop, test, 
deliver, control, or support the information 
technology applications and services an 
organization requires to meet the needs of 
its customers, suppliers, key business part- 
ners, regulatory agencies, and employees. 


text analysis A process for extracting value 
from large quantities of unstructured text 
data. 


thin client A low-cost, centrally managed 
computer with no internal or external 
attached drives for data storage. 


time and material contract A contract that 
requires the buyer to pay the provider for 
both the time and materials required to 
complete the contract. 


time series analysis The use of statistical 
methods to analyze time series data and 
determine useful statistics and characteris- 
tics about the data. 


transaction processing cycle The process 
of data collection, data editing, data cor- 
rection, data processing, data storage, and 
document production. 


Transmission Control Protocol/Internet 
Protocol (TCP/IP) A collection of commu- 
nication protocols used to interconnect net- 
work devices on packet switching networks 
such as the Internet. 


Transport Layer Security (TLS) A commu- 
nications protocol or system of rules that 
ensures privacy between communicating 
applications and their users on the Internet. 


U 


Uniform Resource Locator (URL) A Web 
address that specifies the exact location of 
a Web page using letters and words that 
map to an IP address and a location on the 
host. 


unit testing Testing of individual compo- 
nents of code (subroutines, modules, and 
programs) to verify that each unit performs 
as designed. 


unsupervised learning Machine learning 
using an unlabeled data set and no exam- 
ples. The data is labeled through observa- 
tions, and learning is through observation. 


upskill The practice of training a workforce 
to perform higher-skilled roles to ensure 
they meet their full potential. 


U.S. Computer Emergency Readiness 
Team (US-CERT) A partnership between 
the Department of Homeland Security and 
the public and private sectors; established 
to provide timely handling of security inci- 
dents as well as conducting improved anal- 
ysis of such incidents. 


user acceptance document A formal agree- 
ment that the organization signs stating that 
a phase of the installation or the complete 
system is approved. 


user acceptance testing (UAT) Testing 
performed by trained system users to verify 
that the system can complete required tasks 
in a real-world operating environment and 
perform according to the system design 
specifications. 


user documentation Written descriptions 
developed for people who use a program; 
in easy-to-understand language, it shows 
how the program can and should be used 
to meet the needs of its various users. 
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user preparation The process of readying 
managers, decision makers, employees, 
other users, and stakeholders to accept and 
use the new system. 


utility programs A program that helps to 
perform maintenance or correct problems 
with a computer system. 


v 


version A major program change, typically 
encompassing many new features. 


video analysis The process of obtaining 
information or insights from video footage. 


virtual private network (VPN) A secure 
connection between two points on the 
Internet; VPNs transfer information by 
encapsulating traffic in IP packets and 
sending the packets over the Internet. 


virtual tape A storage device for less 
frequently needed data. With virtual tape 
systems, data appears to be stored entirely 
on tape cartridges, although some parts of 
it might actually be located on faster hard 
disks. 


virtualization tools A set of tools that 
allow users to access their desktop oper- 
ating system hosted in the cloud on a cen- 
tralized server—meaning users can interact 
with files and applications as if they were 
stored on a local device. 


virus signature Code that indicates the 
presence of a specific virus. 


vision A concise statement of what an orga- 
nization intends to achieve in the future. 


vision statement A statement that com- 
municates an organization’s overarching 
aspirations to guide it through changing 
objectives, goals, and strategies (see also 
mission statement). 


vision systems The hardware and software 
that permit computers to capture, store, and 
manipulate visual images. 


visual analytics The presentation of data in 
a pictorial or graphical format. 


volume testing Testing to evaluate the per- 
formance of the information system under 
varying yet realistic work volume and oper- 
ating conditions to determine the work load 
at which system performance begins to 
degrade and to identify and eliminate any 
issues that prevent the system from reach- 
ing its required service-level performance. 


w 


waterfall system development process A 
sequential, multistage system development 
process in which work on the next stage 
cannot begin until the results of the current 
stage are reviewed and approved or modi- 
fied as necessary. 


Web 2.0 The Web as a computing platform 
that supports software applications and the 
sharing of information among users. 
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Web browser Web client software—such 
as Chrome, Edge, Firefox, Internet 
Explorer, and Safari—used to view Web 
pages. 

wide area network (WAN) A network that 
connects large geographic regions. 


Wi-Fi A medium-range wireless commu- 
nications technology brand owned by the 
Wi-Fi Alliance. 


wireless communication The transfer of 
information between two or more points 
that are not connected by an electrical 
conductor. 


word cloud A visual depiction of a set of 
words that have been grouped together 


because of the frequency of their occurrence. 


work breakdown structure (WBS) An 
outline of the work to be done to complete 
the project. 


workgroup application software Software 
designed to support teamwork, whether 
team members are in the same location or 
dispersed around the world. 


workgroup information system Systems 
that support teamwork and enable peo- 
ple to work together effectively, whether 


team members are in the same location or 
dispersed around the world. 


workstations A more powerful personal 
computer used for mathematical computing, 
computer-assisted design, and other high- 
end processing but still small enough to fit 
on a desktop. 


Z 


zero-day attack An attack that takes 
place before the security community 
becomes aware of and fixes a security 
vulnerability. 
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popular BI/analytics software, 232 security dashboard, 47 
predictive analytics, 227-229 security policies, 44-45 
self-service analytics, 2532-234 security strategy, 42 
simulation, 230-231 using managed security service provider (MSSP), 57 
text analysis, 231 CIO (Chief Information Officer), 6, 16 
video analysis, 231-232 client/server architecture 
business intelligence developer, 419 Cascading Style Sheet (CSS), 267-268 
business process reengineering (BPR), 464 domain name system, 264-265 
Business Technology Optimization (BTO), 543 Extensible Markup Language (XML), 267 
business-to-business (B2B) e-commerce, 315-316, 320 hyperlinks, 265-266 
business-to-consumer (B2C) e-commerce, 317-320 Hypertext Markup Language (HTML), 266-267 
bus network, 248 clock speed, 114 
buying off-the-shelf software, 508-512 cloud computing, 293-298 
finalizing contract, 511 data disaster recovery planning, 533 
implementation, 512 hybrid, 297-298 
integration and testing, 511 private, 296 
software package evaluation phase, 509-511 public, 293-296 
BYOD (bring your own device), 31 code of ethics, 74 
byte (B), 116 cold site, 533 
commercial off the-shelf (COTS) software, 508 
c common personal computer input devices, 120 
Communications Decency Act (CDA), 90-91 
CA (certificate authority), 350 communications management, 482-483 
cache memory, 117 communications media, 247, 251-257 
CAD (computer-aided design), 386 4G wireless communications, 256-257 
CAE (computer-aided engineering), 386 5G wireless communications, 257 
CAM (computer-aided manufacturing), 387 guided transmission media types, 251 
careers microwave transmission, 255-256 
certification, 19 wireless transmission, 252-255 
in information systems, 15-20 communications software 
other IS, 18 network operating system, 258-259 
Cartesian robots, 433 software-defined networking, 259 
Cascading Style Sheet (CSS), 267-268 compiler, 156 
C2C (consumer-to-consumer) e-commerce, 319, 320 compliance departments, 532 
central processing unit (CPU), 113 CompTIA (Computer Technology Industry 
certificate authority (CA), 350 Association), 75 
certification, 19 computer(s) 
change model, 466 desktop, 129 
channel bandwidth, 250 input devices, 120-123 
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mainframe, 130-131 
memory, 116 
multiple-user, 127 
nettop, 129 
network, 247 
nonportable, 127 
operational supercomputers, 132 
output devices, 123-126 
portable, 127-129 
processors, 114-116 
secondary storage, 117-120 
servers, 130 
special-purpose, 139 
storage units, 116 
supercomputers, 131-132 
thin client, 129 
types of, 126-133 
workstation, 129-130 
computer-aided design (CAD), 386 
computer-aided engineering (CAE), 386 
computer-aided manufacturing (CAM), 387 
computer-based information system (CBIS), 4 
computer forensics, 57-58 
computer-generated imagery (CGD), 111 
computer graphics card, 123 
computer incidents, reasons for, 31-32 
bring your own device (BYOD), 31 
growing reliance on software with known 
vulnerabilities, 31-32 
increase in prevalence of bring your own device 
(BYOD) policies, 31 
increasing computing complexity, 31 
increasing sophistication of those who would do 
harm, 32 
computer network, 247 
computers 
nonportable, single-user, 129-130 
quantum, 132-133 
Computer Technology Industry Association 
(CompTIA), 75 
concurrency control, 183 
conferencing, 274 
consequences, of successful cyberattack 
business disruption, 38-39 
direct impact, 38 
consumer-to-consumer (C2C) e-commerce, 
319, 320 
contact data, importing, 384 
contact management, 384 
content streaming, 275 
Continuous Application Availability, 533 
continuous education, 19-20 
continuous improvement, 465-466 
controls 
design system, 526-527, 531-532 
system, 526-527 
conversion funnel, 225-226 
COPA (Child Online Protection Act), 94 


COPPA (Children’s Online Privacy Protection Act), 80 


coprocessor, 115 
core, 113 
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core competency, 469 
core value, 454 
corporate and individual accountability, 68 
corporate social responsibility, 69-72 
cost management, 477 
cost-reimbursable contract, 487 
COTS (commercial off the-shelf software), 508 
couponing, 337-338 
CPU (central processing unit), 113 
credit card, 352-353 
crime risk assessment, 42-43 
CRISP-DM (Cross-Industry Process for Data 
Mining), 228 
critical path, 475 
Cross-Industry Process for Data Mining 
(CRISP-DM), 228 
cryptocurrency, 423 
CSS (Cascading Style Sheet), 267-268 
culture, 466 
current operating system, 140-148 
customer relationship management (CRM) system, 
383-385 
highly rated, 385 
key features of, 384 
customer support, 384 
cutover, 541-543 
cyberattacks 
consequences of a, 38-39 
cyberespionage, 36-37 
cyberterrorism, 37-38 
data breach, 35-36 
distributed denial-of-service attacks, 35 
ransomware, 33-35 
cybercrimes, 30-40 
classifying perpetrators of, 33 
computer incidents, 31-32 
federal laws for, 39-40 
cyberespionage, 36-37 
cyberterrorism, 37-38 


DaaS (database as a service), 193 
DAMA (Data Management Association), 194-195 
DARPA (Defense Advanced Research Projects 
Agency), 431 
data, 174 
backup, 546 
breach, 29, 35-36 
cleansing, 185 
creation and loading for system development, 536 
design, 185-187 
differences from information, 174-175 
hierarchy, 177-179 
high-quality data (see quality of data) 
normalization, 191 
relational database manipulation, 189-191 
sensitive, deletion, 546 
types of, 174 
data analysts, 420 
data analytics, 423 
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database(s), 173 
activities, 180-185 
attributes, 178-179 
creating database, 181-182 
data definition language, 181 
data dictionary, 181 
designing, 534 
entities, 177 
generating reports, 183-184 
manipulating data, 183-184 
modifying, 181-182 
NoSQL, 217-218 
primary key, 179 
Query by Example, 183 
retrieving data, 182-183 
SQL, 191-192 
database administrator (DBA), 196 
database applications, 151 
database approach to data management, 179-180 
database as a service (DaaS), 193 
database management system (DBMS), 180 
backup service, 185 
creating database, 181-182 
generating reports, 183-184 
manipulating data, 183-184 
modifying database, 181-182 
recovery service, 185 
retrieving data, 182-183 
security management, 184 
storing data, 182-183 
user view, 180-181 
database model, relational, 188-191 
data breach, 29, 35-36 
data center, 134-135 
data collection, 372-374 
data correction, 374 
data definition language (DDL), 181, 534 
data dictionary, 181, 534 
data editing, 374 
data encryption, 51, 53 
data entry, 120 
data-flow diagram (DFD), 524-527 
data-flow line, 525 
data governance, 195 
data input, 124 
data item, 178 
data lakes, 216-217 
data lifecycle management (DLM), 196-197 
data management, 194-197 
Data Management Association (DAMA), 194-195 
data manipulation language (DML), 184 
data mart, 216 
data mining, 227-229 
data model, 185 
enterprise, 186 
data modeling, 526 
data processing, 374 
data scientist, 222-223, 418 
data steward, 196 
data storage, 374 
data warehouses, 214-216 
DBA (database administrator), 196 


DDL (data definition language), 181, 534 

DDoS (distributed denial-of-service) attack, 35 
debit card, 352-353 

decision implementation, 74 

decision making, ethical considerations in, 72-74 
decode instruction, 113 

deep learning, 428 

defamation, 92 


Defense Advanced Research Projects Agency (DARPA), 431 


demand management, 381 
Department of Homeland Security (DHS), 38 
descriptive analysis, 224-227 
desktop computers, 129 
detailed scheduling, 382 
development engine 
DevOps, 549-550 
DFD (data-flow diagram), 524-527 
DHS (Department of Homeland Security), 38 
diffusion of innovation theory, 468 
digital certificate, 350 
direct conversion, 541 
direction-setting phase 
core value, 454 
goals, 455-456 
initiatives and programs, 456 
mission statement, 454 
objectives, 454 
projects, 456 
strategy, 456 
vision, 454 
disaster recovery plan, 43, 532-533 
discrete manufacturing, 388 
display screen, 123-124 
distributed denial-of-service (DDoS) attack, 35 
DLM (data lifecycle management ), 196-197 
document production, 375 
domain, 177 
domain expert, 414 
domain name system (DNS), 264-265 
DRAM (dynamic random access memory), 117 
dynamic random access memory (DRAM), 117 


eBay, 277 
e-book readers, 145 


e-commerce. See electronic commerce (e-commerce) 


economic feasibility, 518 
e-discovery (electronic discovery), 292 
education, World Wide Web, 271 
e-government, 320-321 
EHR (electronic health record) software, 512 
EHR (electronic health record) systems, 425-426 
electronic cash, 351-352 
electronic commerce (e-commerce) 
advantages, 322-324 
advertising, 335-336 
after-sales service, 327 
banking, 339 
bartering, 337-338 
business-to-business, 315-316, 320 
business-to-consumer, 317-320 
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categories of, 315 overcoming challenges in implementing, 389-391 
challenges, 327-331 product lifecycle management, 385-389 
consumer privacy concerns, 328-329 supply chain management (SCM), 381-383 
e-government, 320-321 entity, 177 
finance, 338 entity-relationship (ER) diagram, 187, 189 
flow of goods and information, 323-324 entity symbol, 525 
improved customer service, 324 entrepreneurs and transaction processing systems, 371-372 
increase accuracy, 324 EPEAT (Electronic Product Environmental Assessment 
investment, 338 Tool), 136 
manufacturing, 332-334 eradication effort, 55 
marketing, 334-335 ER (entity-relationship) diagrams, 526 
multistage model, 324-327 ethical issues, 72-74 
overcoming consumers lack of trust, 329-330 in developing quality software, 97-99 
overcoming global issues, 330-331 ethical versus legal, 69 
personalized shopping, 339, 340 ethics, 68-76 
products and services delivery, 326 ETL (Extract, Transform, Load), 216 
purchase products and services electronically, 326 EULA (End User License Agreement), 157 
reaching new customers, 323 EUVL (extreme ultraviolet lithography), 114 
reduced costs, 323 execute instruction, 113 
search and identification, 325 expert systems, 409-415 
select and negotiate, 326 capabilities of, 411-412 
software, 348, 349 characteristics of, 410-411 
strategies for successful, 341-345 components of, 412-414 
technology infrastructure, 346-353 domain expert, 414 
wholesale, 332 explanation facility, 414 
electronic data interchange (EDD, 9 inference engine, 413-414 
electronic exchange, 332-334 knowledge acquisition facility, 414 
electronic health record (EHR) software, 512 knowledge base, 412-413 
electronic health record (EHR) systems, 425-426 knowledge engineer, 414 
electronic payment systems, 349-353 knowledge user, 415 
certificate authority, 350 participants in developing and using, 414-415 
charge card, 352-353 user interface, 414 
credit card, 352-353 expert system shell, 414 
debit card, 352-353 explanation facility, 414 
digital certificate, 350 exploits, on information system, 31 
electronic cash, 351-352 exploits, types of 
smart card, 352-353 advanced persistent threat (APT), 34 
transport layer security, 351 blended threat, 34 
Electronic Product Environmental Assessment Tool cyberespionage, 36-37 
(EPEAT), 136 cyberterrorism, 37-38 
embedded operating system, 144-145 distributed denial-of-service (DDoS) attack, 35 
embedded system, 144 identity theft, 35 
employee protection, 71 phishing, 34 
encryption, 49 ransomware, 33-35 
encryption key, 49 spam, email, 34 
End User License Agreement (EULA), 157 Trojan horse, 34 
enterprise application software, 155 virus, 34 
enterprise data model, 186 worms, 34 
enterprise information system, 8 Extensible Markup Language (XML), 267 
enterprise operating system, 144 Extract, Transform, Load (ETL), 216 
enterprise resource planning (ERP) system extranets, 279-280 
advantages of, 377-380 extreme programming (XP), 549 
best practices, 379 extreme ultraviolet lithography (EUVL), 114 
decision making, 377-378 
human-machine learning partnership, 378 F 
legacy systems, 378-379 
technology infrastructure upgrades, 379-380 fab/foundry, 114 
work processes improvement, 379-380 failover, 44, 533 
enterprise sphere of influence, 140 Fair and Accurate Credit Transactions Act, 78 
enterprise systems, 376 Fair Credit Reporting Act, 78 
customer relationship management, 383-385 Fair information practices, 77 
hosted software model for, 391-392 fake news, 95-96 
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fake news sites, 96 

Family Educational Rights and Privacy Act (FERPA), 80 

FCC (Federal Communications Commission), 253 

feasibility analysis, 518-520, 528, 534 

Federal Communications Commission (FCC), 253 

Federal Financial Institutions Examination Council, 350 

Federal Information Security Management Act of 2002 
(FISMA), 19 

federal laws for cybercrimes, 39-40 

Federal Trade Commission (FTC), 328 

FERPA (Family Educational Rights and Privacy Act), 80 

fetch instruction, 113 

5G wireless communication, 257, 301 

file, 177 

file-compression utilities, 146 

finance, 338 

financial data, 77-78 

firewall, 48 

First Amendment, 86-87 

FISA (Foreign Intelligence Surveillance Act), 84-85 

FISMA (Federal Information Security Management 
Act of 2002), 19 

fixed-price contract, 487 

flat-panel displays, 123 

Flickr, 270 

Foreign Intelligence Surveillance Act (FISA), 84-85 

foreign key, 179 

forming-storming-norming-performing-adjourning 
model, 479 

forward chaining, 413 

Fourth Amendment, 82 

4G wireless communications, 256-257 

four tiers of data center classification, 135 

freedom of speech, 86-88 

freelancers, 18 

FTC (Federal Trade Commission), 328 

functional decomposition, 517, 524 


GAAP (Generally Accepted Accounting Principles), 19 

Gantt chart, 475, 477 

G2B (government-to-business) e-commerce, 320 

G2C (government-to-citizen) e-commerce, 320 

General Data Protection Regulation (GDPR), 77, 177 

Generally Accepted Accounting Principles (GAAP), 19 

genetic algorithms, 229, 230, 416 

geographic information system (GIS), 279 

geolocation, 278-279 

Geostationary Operational Environmental Satellite 
program, 256 

geotagging, 279 

G2G (government-to-government) e-commerce, 320 

gigahertz (GHz), 114 

GIS (geographic information system), 279 

Global Terrorism Database (GTD), 178 

goal, 455-456 

goals-based strategic planning, 451 

good business practices, 71 

Google Chrome, 266 

Google Maps, 278-279 

government surveillance, 82-86 


government-to-business (G2B) e-commerce, 320 
government-to-citizen (G2C) e-commerce, 320 
government-to-government (G2G) e-commerce, 320 
graphics processing unit (GPU), 124 

green computing, 135-137, 136 

grid computing, 115 

guided transmission media types, 251 


Hadoop, 218-219 
Hadoop Distributed File System (HDFS), 219 
hard disk drive (HDD), 118 
hardware 
bus, 113 
central processing unit, 113 
desktop computer, 129 
disposal, 546-547 
mainframe, 130-131 
memory, 116 
mobile commerce, 349 
nettop, 129 
secondary storage, 117-120 
supercomputers, 131-132 
tablet, 128-129 
utilities, 145-147 
workstation, 129-130 
hate speech, 90 
HDD (hard disk drive), 118 
HDFS (Hadoop Distributed File System), 219 
healthcare fraud, 427-428 
health information, 78-79 
Health Insurance Portability and Accountability Act 
(HIPAA), 19, 79, 177, 297 
help desk, 543 
heuristics, 409 
hierarchy of data, 177-179 
high-quality data. See quality of data 
high-quality software systems, 97 
HIPAA (Health Insurance Portability and 
Accountability Act), 19, 79, 297 
hosted software model 
advantages and disadvantages of, 391 
enterprise systems, 391-392 
hot site, 532 
HTML (Hypertext Markup Language), 266-267 
HTML tags, 266-267 
human-readable data, 120 
hybrid cloud computing, 297-298 
hybrid cloud computing environment, 297 
hyperlinks, 265-266 
Hypertext Markup Language (HTML), 266-267 
hypervisor, 143 


IaaS (infrastructure as a service), 294 

IBM Healthcare Provider Data Model, 186 

IC (integrated circuit), 114 

IDE (integrated development environment), 156 
identity theft, 35, 328 

IDS (intrusion detection system), 53-54 
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IEEE-CS (Institute of Electrical and Electronics Engineers 
Computer Society), 75 
IFRS (international Financial Reporting Standards), 19 
IF-THEN statements, 413 
image data, 174 
IMDB (in-memory database), 219-220 
implementation tasks, key, 512 
incident 
containment, 55 
follow-up, 55-56 
notifications, 54-55 
Independent Computer Consultants Association, 75 
individual efforts to protect privacy, 81 
industrial robots 
articulated robot, 433 
Cartesian robots, 433 
SCARA robots, 433 
inference engine, 413-414 
information, 174 
data, 174-175 
value of, 175 
information system (IS), 4-11 
careers in, 15-20 
computer-based, 4 
ethical issues, 72-74 
means to achieve competitive advantage, 5-8 
strategic planning, 11-14 
types of, 8-9 
value chain, 10-11 
information systems and freedom of expression 
Internet censorship, 88-96 
measures protecting freedom of speech, 86-88 
information systems and government surveillance, 82-86 
information systems and privacy 
individual efforts to protect privacy, 81 
measures protecting personal data, 77-80 
web site privacy policy, 80 
information systems security analyst, 16 
information system strategic planning 
identifying projects and initiatives, 460-461 
organizational strategy, 459-460 
prioritizing projects and initiatives, 461-462 
infrastructure as a service (IaaS), 294 
inkjet printers, 124 
innovation, 463-464 
input devices 
bar-code scanners, 121 
common personal computer input devices, 120 
data entry, 120 
data input, 124 
definition, 113 
optical data readers, 120-121 
pen devices, 122 
RFID devices, 121-122 
scanning devices, 120 
touch screens, 122-123 
input/output devices, 120-123 
installation, 541 
instant messaging, 273-274 
Institute of Electrical and Electronics Engineers Computer 
Society (IEEE-CS), 75 
intangible benefit, 462 
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integrated circuit (IC), 114 
integrated development environment (IDE), 156 
integrated software packages, 152 
integration testing, 511, 538 
intelligent agent, 416 
intelligent behavior, 407 
International Financial Reporting Standards 
(IFRS), 19 
Internet 
accessing, 263 
backbone, 261 
intranets, 279 
IP addresses, 261 
network hardware, 261-262 
online conferencing, 274 
routing, 262 
shopping, 276-278 
Web applications and, 269-279 
works of, 261-262 
World Wide Web, 263 
Internet censorship, 88-90 
Internet Corporation for Assigned Names 
and Numbers (ICANN), 265 
Internet filter, 91 
Internet of Things (IoT), 299-306 
autonomous vehicles, 301 
business benefits of, 302 
connected devices, 300 
5G networks, 301 
home automation, 300 
potential issues with, 303 
smart cities, 300-301 
types of, 302-303 
wearable devices, 300 
Internet pornography censoring, 93-95 
Internet protocol (IP), 261 
Internet service provider (ISP), 263 
interorganizational IS, 9 
intranets, 279 
intrusion detection system (IDS), 53-54 
IP (Internet protocol), 261 
IP addresses, 261 
IS entrepreneurs, 18 
ISP (Internet service provider), 263 
issues-based strategic planning, 451 


J 


JAD (joint application development), 516-517 
job information, 271-272 

joining data, 189 

joint application development (JAD), 516-517 
journalism, 95 


kernel, 138 

knowledge, 174 

knowledge acquisition facility, 414 
knowledge base, 412-413 
knowledge engineer, 414 
knowledge user, 415 
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L 


LAN (local area network), 249-250 
laptop, 128 

Large Hadron Collider (LHC), 132 
laser printers, 124 

lead time, 382 

Leavitt’s Diamond, 5 

legal feasibility, 520 

legal versus ethical, 69 

LexisNexis, 273 

LHC (Large Hadron Collider), 132 
licenses, 157 

LifeKeeper, 533 

linear programming, 229-230 
LinkedIn, 272 

Linux operating system, 142 
LinxCRM, 536 

local area network (LAN), 249-250 
logical access path (LAP), 182 
Long Term Evolution (LTE), 256 
long-term profitability, 452 

lot size, 382 

low earth orbit (LEO) satellite system, 255 
LTE (long term evolution), 256 


machine learning, 420 
across industries, 422-428 
data analytics and cybersecurity, 423 
engineer, 419 
healthcare, 425-428 
insurance, 423-424 
logistics and supply chain management, 424-425 
semi-supervised learning, 422 
supervised learning, 421 
training, 420-422 
unsupervised learning, 421-422 
Mac operating systems, 141 
Mac OS X Server, 143 
magnetic tape, 118 
mainframe computer, 130-131 
main memory, 116 
make-or-buy decision, 486 
MAN (metropolitan area network), 250 
managed security service provider (MSSP), 57 
managers’ role, information systems, 5-8 
manipulating data, 189-191 
manufacturing, electronic commerce, 332-334 
manufacturing processors, 114 
MapReduce program, 219 
marketing, 334-335 
marketing automation, 384 
market intelligence data, 175 
market segmentation, 335 
mark sense form, 121 
massively parallel processing system, 115 
materials requirement planning (MRP), 382 
m-commerce. See mobile commerce (m-commerce) 
memory, 113 
cache memory, 117 
definition, 113 


main memory, 116 
random access memory, 116-117 
read-only memory, 117 
types of, 117 
menu-creation software, 536 
menu-driven system, 530 
mesh networks, 248 
metropolitan area network (MAN), 250 
Michael Porter’s Five Forces Model, 452 
microblogging, 274 
Microsoft Disk Operating System (MS-DOS), 141 
Microsoft Outlook, 140 
Microsoft PC operating systems, 141 
Microsoft Windows 10, 141 
microwave transmission, 255-256 
middleware, 147 
mission-critical processes, 44, 532 
mission statement, 454 
mobile application software, 153-154 
mobile commerce (m-commerce) 
advertising, 335-336 
banking, 339 
bartering, 337-338 
effective model, 341 
finance, 338 
investment, 338 
manufacturing, 332-334 
marketing, 334-335 
personalized shopping, 339, 340 
in perspectives, 322 
software, 349 
strategies for successful, 341-345 
technology infrastructure, 346-353 
Websites, 322 
mobile device management (MDM) software, 258-259 
mobile devices, accessing, 384 
monitoring, 543-544 
Monte Carlo simulation, 231 
M-Pesa, 339 
MRP (materials requirement planning), 382 
MS-DOS (Microsoft Disk Operating System), 141 
MSSP (managed security service provider), 57 
multicore processor, 114 
multiprocessing, 115 
multithreading, 140 


National Integrated Ballistic Information Network 
(NIBIN), 178 
National Syndromic Surveillance Program (NSSP), 182 
natural language processing (NLP), 428-429 
navigation, 278-279 
near field communication (NFC), 254-255 
.NET, 535 
nettop, 129 
nettop computer, 129 
network 
client/server architecture, 263-268 
communications media, 251-257 
communications software, 258-259 
computer, 247 
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network diagram, 476 
network latency, 250 
network-management software, 258 
network operating system (NOS), 258-259 
Network Professional Association, 75 
network topology, 247-248 
bus network, 248 
mesh networks, 248 
star network, 247 
network types 
local area network, 249-250 
metropolitan area network, 250 
personal area network, 249 
wide area network, 250 
news feeds, 274 
next-generation firewall (NGFW), 48 
NFC (near field communication), 254-255 
NGFW (next-generation firewall), 48 
nonportable, single-user computers 
desktop computers, 129 
nettop computer, 129 
thin clients, 129 
workstations, 129-130 
NOS (network operating system), 258-259 
NoSQL database, 217-218 
notebooks, 128 


objective, 454 
OCR (optical character recognition), 120-121 
Offshore Leaks Database, 178 
off-the-shelf software, 150 
OLTP (online transaction processing), 368 
omnichannel, 316 
OMR (optical mark recognition), 120-121 
online transaction processing (OLTP), 214, 368 
open source software, 157-159 
openSUSE operating system, 142 
operating system (OS), 138 
Apple Computer, 141-142 
current, 140-148 
embedded, 144-145 
enterprise, 144 
Google, 142 
hardware functions, 139 
kernel, 138 
Linux, 142 
multiple computers with multiple users, 139 
role of, 138 


single computer with multiple simultaneous users, 139 


single computer with single user, 139 
special-purpose computers, 139 
by sphere of influence, 140 
task management, 139-140 
workgroup, 142 
operational feasibility, 520 
operational supercomputers, 132 
optical character recognition (OCR), 120-121, 424 
optical data readers, 120-121 
optical mark recognition (OMR), 120-121 
optical storage device, 118 
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order processing and purchasing, 9 
organic strategic planning, 451 
organization(s) 

implement detection systems, 53-54 

response to attacks, 54-56 

risk assessment, 42-43 

security policy, 44-45 
organizational change, 466 
organizational culture, 466 
output devices 

definition, 113 

display screen, 123-124 

printers and plotters, 124-125 

3D printers, 125-126 


P 


PaaS (platform as a service), 294-295 
PAN (personal area network), 249 
parallel processing, 115-116 
parallel start-up, 542 
Pareto principle (80-20 rule), 528 
patch, 545 
Payment Card Industry-Data Security Standard 
(PCI-DSS), 177 
payroll, 9 
pen input device, 122 
perceptive system, 409 
performance evaluation test, 510 
perpetual license, 506 
personal application software 
database applications, 151 
examples of, 151 
integrated software packages, 152 
mobile application software, 153-154 
other, 152-153 
personal information management, 151 
presentation graphics program, 152 
software suites, 152 
spreadsheet analysis, 151 
word-processing applications, 151 
personal area network (PAN), 249 
personal data protection, 77-80 
personal information system, 8 
personalization, 345 
personal productivity software, 151 
personal sphere of influence, 140 
phase-in approach, 542 
phishing, 34 
piecemeal approach, 542 
pilot start-up, 542 
Pixar, 111 
platform as a service (PaaS), 294-295 
plotters, 124-125 
plunge, 541 
podcast, 275 
portable computer, 127 
laptop, 128 
notebooks, 128 
smartphones, 127-128 
tablet, 128-129 
predecessor task, 475 
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predictive analytics, 227-229 project milestone, 475 
data mining, 227-229 project organization, 481 
time series analysis, 227 project risks, 483 
presentation graphics program, 152 assessment of, 484 
prevention of attack identification of, 484 
installing antivirus software, 53 project schedule, 475 
safeguard against attacks by malicious insiders, 53 project scope, 469 
security audit, 45 project sponsor, 481 
security dashboard, utilizing, 47 project stakeholders, 473 
price comparison, 337 project steering team, 481 
primary key, 179 project variables 
printers, 124-125 cost, 470-471 
privacy quality, 472 
individual efforts to protect, 81 scope, 469-470 
measures protecting personal data, 77-80 time, 471-472 
web site privacy policy, 80 user expectations, 472 
private cloud computing environment, 296 proprietary software, 149 
problem statement, 72-73 proxy server, 50-51 
procedure, 7 PRTG Network Monitor, 146 
process, 7 public cloud computing, 293-296 
process manufacturing, 388 benefits of, 294 
processor issues with, 295-296 
manufacturing, 114 types of services, 294-295 
multiprocessing, 115 public cloud computing environment, 293 
phases of processing, 113 purchasing systems, 370, 382 
process redesign, 464 
process resource management, 479-482 Q 
process symbol, 525 
procurement management, 486-487 QBE (Query by Example), 183 
product backlog, 548 quality, 472 
production, 382 quality assurance, 479 
product lifecycle management (PLM), 385-389 quality control, 479 
benefits of, 389 quality management, 479 
business strategy, 387 quality of data 
scope of software, 386-387 characteristics of, 175, 176 
software products, 388 ensure compliance, 177 
product lifecycle management (PLM) software, 386 improve decision making, 175 
product owner, 548 improve innovation, 177 
professional code of ethics, 74-75 increase customer satisfaction, 175-176 
programmers, 17 increase sales, 176-177 
programming languages, 155-156 raise productivity, 177 
project, 456, 468 quality planning, 479 
project budget, 478 quantum computers, 132-133 
project champion, 481 Query by Example (QBE), 183 
project deadline, 475 Quintessentially, 340-341 
projecting data, 189 20Q Web site, 408 
project integration management, 487-488 
project management, 473 R 
complexity levels, 469 
core competency, 469 radio frequency identification (RFID) tag, 121 
variables, 469-473 RAID (redundant array of independent/inexpensive 
project management knowledge areas disks), 119 
communications management, 482-483 random access memory (RAM), 116 
cost management, 477 ransomware, 33-35 
procurement management, 486-487 Raskin, Jef, 530 
project integration management, 487-488 read-only memory (ROM), 117 
project resource management, 479-482 reasonable assurance, 43 
quality management, 479 record, 179 
risk management, 483, 484-486 Red Hat Linux, 142 
schedule management, 475-477 redundant array of independent/inexpensive disks 
scope management, 474-475 (RAID), 119 
stakeholder management, 488-489 reengineering, 464-465 
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regression analysis, 227 
regulatory standards compliance, 46 
reinforced learning, 422 
relational database model, 188 
building and modifying, 191 
characteristics, 188 
linking data tables, 189, 190 
release, software, 545 
report generator software, 536 
request for information (RFD, 509 
request for maintenance form, 545 
respondeat superior, 71 
response for attacks 
eradication efforts, 55 
incident containment, 55 
incident follow-up, 55-56 
response to attacks 
incident notifications, 54-55 
protection of evidence and activity logs, 55 
retail Web sites, 322 
retargeting, 337 
RFI (request for information), 509 
RFID (radio frequency identification), 121 
Right to Financial Privacy Act, 78 
risk assessment, crime, 42-43 
risk management, 483, 484-486 
risk management plan, 485 
risk owner, 485 
robotics, 432-433 
industrial robots, 433-434 
industry applications, 434-435 
robotics scientist, 419 
robotic tape backup system, 119 
ROM (read-only memory), 117 
rootkit, 34 
router, 48-49, 261-262 
rule, 413 


S 


SaaS (software as a service), 150-151, 295 

safety-critical system, 97-98 

sales and operations plan (S&OP), 381 

sales forecasting, 381 

sales management, 384 

sales ordering, 382 

sample stakeholder analysis matrix, 483 

Sarbanes-Oxley Act, 19 

scalability, 130 

scanning devices, 120 

SCARA (Selective Compliance Assembly Robot Arm) 
robots, 433-434 

scenario analysis, 230 

schedule feasibility, 520 

schedule management, 475-477 

schema, 180 

SCM (supply chain management), 381-383 

scope management, 474-475 

Scrum, 547 

Scrum master, 548 

SDKs (software development kits), 156 

SDN (software-defined networking ), 259 
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search engine optimization (SEO), 272-273 
search engines, 272-273, 428 
secondary storage 
cost comparison with forms of storage, 118 
definition, 118 
devices, 118-120 
magnetic, 118-120 
optical, 118 
solid state, 119-120 
Section 230 of the CDA, 90 
Section 814 of the USA Patriot Act, 39 
security 
and system requirements, 526-527 
systems design, 531-532 
Websites, 330 
security audit, 45 
security dashboard, utilizing, 47 
security education, 51-52 
security policy, organizations, 44-45 
selecting data, 189 
Selective Compliance Assembly Robot Arm (SCARA) 
robots, 433-434 
self-service analytics, 232-234 
semiconductor fabrication plant, 114 
semi-supervised learning, 422 
SEO (search engine optimization), 272-273 
server, 130 
server blade, 134 
server farm, 133-134 
Server Message Block (SMB), 34 
server virtualization, 143-144 
service-oriented architecture (SOA), 147 
shadow IT, 19 
shopping online, 276-278 
sign-on procedure, 530 
single-user license, 157 
site preparation, 541 
slack time, 475 
slipstream upgrade, 545 
small and medium-sized enterprises (SMEs), 371-372 
smart card, 352-353 
smart city, 300 
SMART goals, 456 
smartphones, 127-128 
SMEs (small and medium-sized enterprises), 371-372 
smishing, 34 
SOA (service-oriented architecture), 147 
social media sites, 96 
social networking, 384 
social Web, 269-271 
soft side of implementing change, 466 
software 
application, 138 
buying off-the-shelf, 508-512 
coding for system development, 535-536 
commercial off the-shelf, 508 
enterprise application, 155 
licenses, 157 
menu-creation, 536 
mobile commerce, 349 
off-the-shelf, 150 
open-source software, 157-159 
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software (Continued) 
proprietary, 149 
release, 545 
report generator, 536 
spending, 138 
system, 138 
version, 545 
workgroup application, 154 
software as a service (SaaS), 150-151, 295 
advantages of, 505-506 
disadvantages of, 506-507 
software codes, 535-536 
software defect, 97 
software-defined networking (SDN), 259 
software developer, 16, 419 
software development kits (SDKs), 156 
software package evaluation phase, 509-511 
identifying potential solutions, 509 
making selection, 511 
researching top contenders, 510 
selecting top contenders, 510 
software piracy, 68 
software product planning and 
development, 389 
software suites, 152 
solid state storage device (SSD), 119 
source data automation, 373 
spam, email, 34 
special-purpose computers, 139 
sphere of influence, 140 
sponsoring business unit, 470 
spreadsheet analysis, 151 
SQL (Structured Query Language), 191-193 
SQL databases, 191-193 
SRAM (static random access memory), 117 
SSD (solid state storage device), 119 
stakeholder management, 488-489 
star network, 247 
static random access memory (SRAM), 117 
status updates, 274 
steering team, 521, 535 
storefront broker, 343 
strategic planning 
benefits, 12, 450 
defining strategies, 456-457 
definition, 11, 450 
deploy plan, 457 
direction-setting phase, 453-456 
goals-based, 451 
information system, 12-14 
issues-based, 451 
organic, 451 
situation analysis, 451-453 
strategic planning pyramid 
core value, 454 
goal, 455-456 
mission statement, 454 
strategies, 456 
vision, 454 
vision/mission statement, 454 
strategy, 456-457 


streaming, 373 
Strengths, Weaknesses, Opportunities, Threats 
(SWOT) matrix, 453 
structure, 8 
Structured Query Language (SQL), 191-193 
subject matter expert, 482 
subscribe 
buy vs. build, 502-504 
supercomputers, 131-132 
supervised learning, 421 
supply chain, 10 
supply chain management (SCM), 381-383 
switch, 261 
syntax, 155 
SysAdmin, Audit, Network, Security (SANS) 
Institute, 75 
Sysinternals Suite, 146 
system analysis, 522-529 
additional candidates for, 528 
alternative solutions, 528 
budget development, 522 
draft report, 529 
feasibility analysis, 528 
identifying requirements and prioritizing them, 
523-527 
reviewing results, 529 
study existing system, 522-523 
team recruitment, 522 
system construction, 535-537 
coding software components, 535-536 
creating and loading data, 536 
unit testing, 537 
system design, 529-535 
design database, 534 
designing user interface, 530-532 
disaster recovery plan, 532-533 
draft preparation of, 534-535 
report, 535 
result review, 535 
schedule and budget development, 530 
security and controls, 531-532 
team recruitment, 530 
system development, 504 
system disposal, 545-546, 547 
communicate intent, 546 
data backup, 546 
delete sensitive data, 546 
hardware dispose, 546-547 
terminate contracts, 546 
system implementation, 539-543 
cutover, 541-543 
installation, 541 
site preparation, 541 
user preparation, 540 
system integration, 537-539 
system investigation, 514-521 
budget development, 515 
feasibility analysis, 518-520, 528, 534 
functional decomposition, 517 
joint application development, 516-517 
report, 520 
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request, 515 
result review, 521 
system investigation request, 515 
tasks during, 516 
team recruitment, 515 
system maintenance, 544-545 
system on a chip, 127 
system operation, 543-544 
system performance, 527 
system review, 544 
systems analysts, 17 
system software, 138 
current operating system, 140-148 
embedded operating system, 144-145 
middleware, 147 
operating system, 138-140 
utility programs, 145-147 
workgroup operating system, 142 
system testing, 511, 537, 538, 539 


T 


tablet, 128-129 
TAM (technology acceptance model), 540 
tangible benefit, 462 
task management, 139-140 
TCP/IP (Transmission Control Protocol/Internet 
Protocol), 261 
technical documentation, 536 
technical feasibility, 518 
technical resource, 482 
technology acceptance model (TAM), 467, 540 
technology infrastructure, 7, 346-353 
testing, 537-539 
text analysis, 231 
thin client, 129 
thin clients, 129 
3D printers, 125-126 
time 
and material contract, 487 
project variables, 471-472 
time series analysis, 227 
TLS (transport layer security), 350 
touch screens, 122-123 
traditional systems development life cycle coding 
software components, 535-536 
training, World Wide Web, 271 
transaction processing cycle, 372 
transaction processing systems (TPSs) 
accounting systems, 370 
activities, 372-375 
batch processing system, 367-368 
data collection, 372-374 
data correction, 374 
data editing, 374 
data processing, 374 
data storage, 374 
document production, 375 
enterprise resource planning, 376-381 
for entrepreneurs, 371-372 
objectives, 367-371 


SUBJECT INDEX 583 


online transaction processing, 368 
order processing systems, 369-370 
overview of, 366-367 
point-of-sale, 373 
purchasing systems, 370 
for small and medium-sized enterprises, 371-372 
translators, 429 
Transmission Control Protocol/Internet Protocol 
(TCP/IP), 261 
transport layer security (TLS), 49, 350 
travel, 278-279 
Trojan horse, 34 


UAT (user acceptance testing), 538-539 
unfavorable publicity, 71-72 
Uniform Resource Locator (URL), 264-265 
Uniting and Strengthening America by Providing 
Appropriate Tools Required to Intercept and Obstruct 
Terrorism (USA PATRIOT Act), 85 
unit testing, 537 
universal serial bus (USB) flash drive, 120 
nix operating system, 143 
nsupervised learning, 421-422 
pskill, 418 
SA Freedom Act, 85 
SA PATRIOT Act (Uniting and Strengthening America by 
Providing Appropriate Tools Required to Intercept and 
Obstruct Terrorism), 85 
U.S. Bureau of Labor Statistics (BLS), 15 
US-CERT (U.S. Computer Emergency Readiness Team), 38 
U.S. Computer Emergency Readiness Team (US-CERT), 38 
user acceptance document, 539 
user acceptance testing (UAT), 538-539 
for new accounting system, 547 
user documentation, 536 
user interface, 414 
designing, 530-532 
user preparation, 540 
user satisfaction, 467 
utility programs, 145-147 


CECS eE 


V 


value chain, 10-11 
vendor-managed inventory (VMD, 9 
version, software, 545 

video analysis, 231-232 

video data, 174 

video RAM (VRAM), 124 
virtualization tools, 292 

Virtual Private Cloud (VPC), 296 
virtual private network (VPN), 50-51, 280 
virtual tape, 119 

virus, 34 

virus signature, 53 

vishing, 34 

vision, 454 

vision/mission statement, 454 
vision systems, 415-416 
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visual analytics, 225 wireless transmission, 252-255 
volume testing, 511, 538 word cloud, 225 
VPC (Virtual Private Cloud), 296 word-processing applications, 151 
VPN (virtual private networks), 50-51 work breakdown structure (WBS), 475 
vulnerabilities, software, 31-32 workgroup, 140 
workgroup application software, 154 
W workgroup information system, 8 
workgroup operating system, 142 
WAN (wide area network), 250 workgroup sphere of influence, 140 
waterfall system development process, 513-547 workstation, 129-130 
advantages and disadvantages of, 514 World Wide Web (WWW), 263 
integration and testing, 537-539 blogging, 275 
system analysis, 522-529 client/server architecture (see client/server architecture) 
system construction, 535-537 conferencing, 274 
system design, 529-535 developing content and applications, 268-269 
system development, 504 education, 271 
system implementation, 539-543 geolocation, 278-279 
system investigation, 514-521 instant messaging, 273-274 
system maintenance, 544-545 intranets, 279 
system operation, 543-544 job information, 271-272 
Web-based application suite, 153 microblogging, 274 
Web browser, 266 movies, video, and television, 275-276 
Web developers, 16, 17 music, 275 
Web server navigation, 278-279 
hardware, 347-348 news, 271 
software, 348 news feeds, 274 
web site privacy policy, 80 online games and entertainment, 276 
Web sites online media and entertainment, 275 
bartering, 337 podcasting, 275 
building traffic, 343-344 search engines, 272-273 
establishing, 342-343 shopping online, 276-278 
functions of, 342 social Web, 269-271 
improving, 344-345 status updates, 274 
maintaining, 344-345 training, 271 
mobile commerce, 322 travel, 278-279 
outages, 348 Web 2.0 technologies, 269-270, 271 
security, 330 worms, 34 
travel, 278-279 WWW. See World Wide Web (WWW) 
Web 2.0 technologies, 269-270, 271 
wholesale electronic commerce, 332 X 
wide area network (WAN), 250 
Wi-Fi, 254-255 XML (Extensible Markup Language), 267 
Windows Embedded, 139 XP (extreme programming), 549 
Windows Server, 142 
Windows XP, 546 
wireless communication, 252-253 Z 
frequency ranges, 253 zero-day attack, 32 
wireless connection, 263 zombie, 35 
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